Jasper Project

All CVEs

96 total · sorted by risk
  • CVE-2016-9387 · High · Mar 23, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.

  • CVE-2016-8886 · High · Mar 23, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

  • CVE-2017-6852 · High · Mar 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

  • CVE-2016-9560 · High · Feb 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.03

    Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

  • CVE-2016-8693 · High · Feb 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.03

    Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

  • CVE-2016-1577 · High · Apr 13, 2016
    risk 0.50 · cvss 7.6 · epss 0.03

    Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability…

  • CVE-2017-14229 · High · Sep 9, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.

  • CVE-2017-13752 · High · Aug 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13751 · High · Aug 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13750 · High · Aug 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13749 · High · Aug 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13748 · High · Aug 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.05

    There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.

  • CVE-2017-13747 · High · Aug 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13746 · High · Aug 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13745 · High · Aug 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.

  • CVE-2017-1000050 · High · Jul 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

  • CVE-2016-9399 · High · Mar 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

  • CVE-2016-9398 · High · Mar 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.06

    The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

  • CVE-2016-9397 · High · Mar 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

  • CVE-2016-9396 · High · Mar 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.06

    The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.

  • CVE-2016-9391 · High · Mar 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

  • CVE-2016-9389 · High · Mar 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).

  • CVE-2016-8654 · High · Aug 1, 2018
    risk 0.44 · cvss 7.8 · epss 0.02

    A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

  • CVE-2016-10251 · High · Mar 15, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.

  • CVE-2016-10249 · High · Mar 15, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.

  • CVE-2024-31744 · High · Apr 19, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.

  • CVE-2017-14132 · Medium · Sep 4, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4,…

  • CVE-2016-10250 · High · Mar 15, 2017
    risk 0.42 · cvss 7.5 · epss 0.04

    The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2016-10248 · High · Mar 15, 2017
    risk 0.42 · cvss 7.5 · epss 0.04

    The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

  • CVE-2016-2089 · Medium · Feb 8, 2016
    risk 0.42 · cvss 6.5 · epss 0.03

    The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.

  • CVE-2016-1867 · Medium · Jan 20, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

  • CVE-2016-2116 · Medium · Apr 13, 2016
    risk 0.37 · cvss 5.7 · epss 0.03

    Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.

  • CVE-2018-9055 · Medium · Mar 27, 2018
    risk 0.36 · cvss 5.5 · epss 0.02

    JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.

  • CVE-2016-9591 · Medium · Mar 9, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

  • CVE-2015-5203 · Medium · Aug 2, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

  • CVE-2017-9782 · Medium · Jun 21, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.

  • CVE-2016-8884 · Medium · Mar 28, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2016-9557 · Medium · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

  • CVE-2016-9395 · Medium · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

  • CVE-2016-9394 · Medium · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

  • CVE-2016-9393 · Medium · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

  • CVE-2016-9392 · Medium · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

  • CVE-2016-9390 · Medium · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

  • CVE-2016-9388 · Medium · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

  • CVE-2016-9262 · Medium · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.

  • CVE-2016-8887 · Medium · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

  • CVE-2016-8885 · Medium · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.

  • CVE-2017-5505 · Medium · Mar 16, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

  • CVE-2017-6851 · Medium · Mar 15, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.

  • CVE-2017-6850 · Medium · Mar 15, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

Page 1 of 2