VYPR
Vendor

Jasper

Products
5
CVEs
74
Across products
75
Status
Private

Products

5

Recent CVEs

74
View all 74 CVEs →
  • CVE-2016-9387HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.02

    Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.

  • CVE-2016-8886HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.02

    The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

  • CVE-2016-9560HigFeb 15, 2017
    risk 0.51cvss 7.8epss 0.03

    Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

  • CVE-2016-8693HigFeb 15, 2017
    risk 0.51cvss 7.8epss 0.03

    Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

  • CVE-2016-1577HigApr 13, 2016
    risk 0.50cvss 7.6epss 0.03

    Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability…

  • CVE-2018-9154HigMay 4, 2018
    risk 0.49cvss 7.5epss 0.03

    There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.

  • CVE-2017-13752HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13751HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13750HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13749HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13748HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.05

    There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.

  • CVE-2017-13747HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13746HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13745HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.

  • CVE-2017-1000050HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.03

    JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

  • CVE-2016-9399HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.04

    The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

  • CVE-2016-9398HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.06

    The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

  • CVE-2016-9397HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.04

    The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

  • CVE-2016-9396HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.06

    The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.

  • CVE-2016-9389HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.04

    The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).