VYPR

Jasper

by Jasper Project

Source repositories

CVEs (96)

  • CVE-2021-3272Jan 27, 2021
    risk 0.00cvss epss 0.01

    jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

  • CVE-2020-27828Dec 11, 2020
    risk 0.00cvss epss 0.01

    There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

  • CVE-2015-8751Feb 17, 2020
    risk 0.00cvss epss 0.02

    Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.

  • CVE-2018-20622Dec 31, 2018
    risk 0.00cvss epss 0.03

    JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.

  • CVE-2018-20584Dec 30, 2018
    risk 0.00cvss epss 0.03

    JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.

  • CVE-2018-20570Dec 28, 2018
    risk 0.00cvss epss 0.02

    jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

  • CVE-2018-19542Nov 26, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

  • CVE-2018-19540Nov 26, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0,…

  • CVE-2018-19539Nov 26, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

  • CVE-2018-19543Nov 26, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

  • CVE-2018-19541Nov 26, 2018
    risk 0.00cvss epss 0.03

    An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0,…

  • CVE-2018-19139Nov 9, 2018
    risk 0.00cvss epss 0.02

    An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

  • CVE-2018-18873Oct 31, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

  • CVE-2008-3522Oct 2, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

  • CVE-2008-3521Oct 2, 2008
    risk 0.00cvss epss 0.00

    Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally…

  • CVE-2008-3520Oct 2, 2008
    risk 0.00cvss epss 0.03

    Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.

Page 5 of 5