Jasper

Source repositories

https://github.com/mdadams/jasper

CVEs (35)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-9393	Jasper Project Jasper	Med	0.36	5.5	0.00	Mar 23, 2017	The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9392	Mdadams Jasper	Med	0.36	5.5	0.00	Mar 23, 2017	The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9390	Mdadams Jasper	Med	0.36	5.5	0.00	Mar 23, 2017	The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVE-2016-9388	Mdadams Jasper	Med	0.36	5.5	0.00	Mar 23, 2017	The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVE-2016-9262	Mdadams Jasper	Med	0.36	5.5	0.00	Mar 23, 2017	Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
CVE-2016-8887	Fedoraproject Fedora	Med	0.36	5.5	0.00	Mar 23, 2017	The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVE-2017-5505	Jasper Project Jasper	Med	0.36	5.5	0.00	Mar 16, 2017	The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
CVE-2017-6851	Jasper Project Jasper	Med	0.36	5.5	0.00	Mar 15, 2017	The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
CVE-2017-6850	Jasper Project Jasper	Med	0.36	5.5	0.00	Mar 15, 2017	The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
CVE-2016-8692	Debian Debian Linux	Med	0.36	5.5	0.00	Feb 15, 2017	The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
CVE-2016-8691	Debian Debian Linux	Med	0.36	5.5	0.00	Feb 15, 2017	The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
CVE-2016-8690	Fedoraproject Fedora	Med	0.36	5.5	0.00	Feb 15, 2017	The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
CVE-2018-20622	Mdadams Jasper		0.00	—	0.01	Dec 31, 2018	JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
CVE-2018-20584	Mdadams Jasper		0.00	—	0.00	Dec 30, 2018	JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
CVE-2018-20570	Mdadams Jasper		0.00	—	0.01	Dec 28, 2018	jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

CVE-2016-9393MedMar 23, 2017
Jasper Project
Jasper
risk 0.36cvss 5.5epss 0.00
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9392MedMar 23, 2017
Mdadams
Jasper
risk 0.36cvss 5.5epss 0.00
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9390MedMar 23, 2017
Mdadams
Jasper
risk 0.36cvss 5.5epss 0.00
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVE-2016-9388MedMar 23, 2017
Mdadams
Jasper
risk 0.36cvss 5.5epss 0.00
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVE-2016-9262MedMar 23, 2017
Mdadams
Jasper
risk 0.36cvss 5.5epss 0.00
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
CVE-2016-8887MedMar 23, 2017
Fedoraproject
Fedora
risk 0.36cvss 5.5epss 0.00
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVE-2017-5505MedMar 16, 2017
Jasper Project
Jasper
risk 0.36cvss 5.5epss 0.00
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
CVE-2017-6851MedMar 15, 2017
Jasper Project
Jasper
risk 0.36cvss 5.5epss 0.00
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
CVE-2017-6850MedMar 15, 2017
Jasper Project
Jasper
risk 0.36cvss 5.5epss 0.00
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
CVE-2016-8692MedFeb 15, 2017
Debian
Debian Linux
risk 0.36cvss 5.5epss 0.00
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
CVE-2016-8691MedFeb 15, 2017
Debian
Debian Linux
risk 0.36cvss 5.5epss 0.00
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
CVE-2016-8690MedFeb 15, 2017
Fedoraproject
Fedora
risk 0.36cvss 5.5epss 0.00
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
CVE-2018-20622Dec 31, 2018
Mdadams
Jasper
risk 0.00cvss —epss 0.01
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
CVE-2018-20584Dec 30, 2018
Mdadams
Jasper
risk 0.00cvss —epss 0.00
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
CVE-2018-20570Dec 28, 2018
Mdadams
Jasper
risk 0.00cvss —epss 0.01
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

Page 2 of 2