Vendor CVEs
Jasper Project
All CVEs
96 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5504 | Med | 0.36 | 5.5 | 0.02 | Mar 1, 2017 | The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | ||
| CVE-2017-5503 | Med | 0.36 | 5.5 | 0.02 | Mar 1, 2017 | The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image. | ||
| CVE-2017-5502 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | ||
| CVE-2017-5501 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||
| CVE-2017-5500 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | ||
| CVE-2017-5499 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||
| CVE-2017-5498 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | ||
| CVE-2016-8692 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2017 | The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. | ||
| CVE-2016-8691 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2017 | The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. | ||
| CVE-2016-8690 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2017 | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. | ||
| CVE-2016-8883 | Med | 0.36 | 5.5 | 0.01 | Jan 13, 2017 | The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | ||
| CVE-2016-8882 | Med | 0.36 | 5.5 | 0.02 | Jan 13, 2017 | The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | ||
| CVE-2025-8837 | Med | 0.34 | 5.3 | 0.00 | Aug 11, 2025 | A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been… | ||
| CVE-2016-9583 | Med | 0.29 | 5.5 | 0.02 | Aug 1, 2018 | An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. | ||
| CVE-2015-5221 | Med | 0.29 | 5.5 | 0.02 | Jul 25, 2017 | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | ||
| CVE-2025-8836 | Low | 0.21 | 3.3 | 0.00 | Aug 11, 2025 | A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The… | ||
| CVE-2025-8835 | Low | 0.21 | 3.3 | 0.00 | Aug 11, 2025 | A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible… | ||
| CVE-2014-8158 | 0.01 | — | 0.14 | Jan 26, 2015 | Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. | |||
| CVE-2014-8157 | 0.01 | — | 0.17 | Jan 26, 2015 | Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. | |||
| CVE-2014-8138 | 0.01 | — | 0.18 | Dec 24, 2014 | Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file. | |||
| CVE-2014-8137 | 0.01 | — | 0.15 | Dec 24, 2014 | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. | |||
| CVE-2014-9029 | 0.01 | — | 0.18 | Dec 8, 2014 | Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow. | |||
| CVE-2011-4517 | 0.01 | — | 0.11 | Dec 15, 2011 | The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory… | |||
| CVE-2011-4516 | 0.01 | — | 0.11 | Dec 15, 2011 | Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker… | |||
| CVE-2023-51257 | 0.00 | — | 0.00 | Jan 16, 2024 | An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. | |||
| CVE-2022-2963 | 0.00 | — | 0.01 | Oct 14, 2022 | A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. | |||
| CVE-2022-40755 | 0.00 | — | 0.00 | Sep 16, 2022 | JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. | |||
| CVE-2021-3467 | 0.00 | — | 0.01 | Mar 25, 2021 | A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. | |||
| CVE-2021-3443 | 0.00 | — | 0.01 | Mar 25, 2021 | A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. | |||
| CVE-2021-26927 | 0.00 | — | 0.01 | Feb 23, 2021 | A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service. | |||
| CVE-2021-3272 | 0.00 | — | 0.01 | Jan 27, 2021 | jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. | |||
| CVE-2020-27828 | 0.00 | — | 0.01 | Dec 11, 2020 | There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. | |||
| CVE-2015-8751 | 0.00 | — | 0.02 | Feb 17, 2020 | Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. | |||
| CVE-2018-20622 | 0.00 | — | 0.03 | Dec 31, 2018 | JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. | |||
| CVE-2018-20584 | 0.00 | — | 0.03 | Dec 30, 2018 | JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | |||
| CVE-2018-20570 | 0.00 | — | 0.02 | Dec 28, 2018 | jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | |||
| CVE-2018-19542 | 0.00 | — | 0.02 | Nov 26, 2018 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. | |||
| CVE-2018-19540 | 0.00 | — | 0.02 | Nov 26, 2018 | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0,… | |||
| CVE-2018-19539 | 0.00 | — | 0.02 | Nov 26, 2018 | An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. | |||
| CVE-2018-19543 | 0.00 | — | 0.02 | Nov 26, 2018 | An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. | |||
| CVE-2018-19541 | 0.00 | — | 0.03 | Nov 26, 2018 | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0,… | |||
| CVE-2018-19139 | 0.00 | — | 0.02 | Nov 9, 2018 | An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | |||
| CVE-2018-18873 | 0.00 | — | 0.01 | Oct 31, 2018 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. | |||
| CVE-2008-3522 | 0.00 | — | 0.05 | Oct 2, 2008 | Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. | |||
| CVE-2008-3521 | 0.00 | — | 0.00 | Oct 2, 2008 | Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally… | |||
| CVE-2008-3520 | 0.00 | — | 0.03 | Oct 2, 2008 | Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. |
- risk 0.36cvss 5.5epss 0.02
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
- risk 0.36cvss 5.5epss 0.02
The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.
- risk 0.36cvss 5.5epss 0.01
libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
- risk 0.36cvss 5.5epss 0.01
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
- risk 0.36cvss 5.5epss 0.01
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
- risk 0.36cvss 5.5epss 0.02
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
- risk 0.36cvss 5.5epss 0.02
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
- risk 0.36cvss 5.5epss 0.02
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
- risk 0.36cvss 5.5epss 0.01
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
- risk 0.36cvss 5.5epss 0.02
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
- risk 0.34cvss 5.3epss 0.00
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been…
- risk 0.29cvss 5.5epss 0.02
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
- risk 0.29cvss 5.5epss 0.02
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
- risk 0.21cvss 3.3epss 0.00
A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The…
- risk 0.21cvss 3.3epss 0.00
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible…
- CVE-2014-8158Jan 26, 2015risk 0.01cvss —epss 0.14
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
- CVE-2014-8157Jan 26, 2015risk 0.01cvss —epss 0.17
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
- CVE-2014-8138Dec 24, 2014risk 0.01cvss —epss 0.18
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
- CVE-2014-8137Dec 24, 2014risk 0.01cvss —epss 0.15
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
- CVE-2014-9029Dec 8, 2014risk 0.01cvss —epss 0.18
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
- CVE-2011-4517Dec 15, 2011risk 0.01cvss —epss 0.11
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory…
- CVE-2011-4516Dec 15, 2011risk 0.01cvss —epss 0.11
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker…
- CVE-2023-51257Jan 16, 2024risk 0.00cvss —epss 0.00
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
- CVE-2022-2963Oct 14, 2022risk 0.00cvss —epss 0.01
A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.
- CVE-2022-40755Sep 16, 2022risk 0.00cvss —epss 0.00
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.
- CVE-2021-3467Mar 25, 2021risk 0.00cvss —epss 0.01
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
- CVE-2021-3443Mar 25, 2021risk 0.00cvss —epss 0.01
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
- CVE-2021-26927Feb 23, 2021risk 0.00cvss —epss 0.01
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
- CVE-2021-3272Jan 27, 2021risk 0.00cvss —epss 0.01
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
- CVE-2020-27828Dec 11, 2020risk 0.00cvss —epss 0.01
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
- CVE-2015-8751Feb 17, 2020risk 0.00cvss —epss 0.02
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.
- CVE-2018-20622Dec 31, 2018risk 0.00cvss —epss 0.03
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
- CVE-2018-20584Dec 30, 2018risk 0.00cvss —epss 0.03
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
- CVE-2018-20570Dec 28, 2018risk 0.00cvss —epss 0.02
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
- CVE-2018-19542Nov 26, 2018risk 0.00cvss —epss 0.02
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
- CVE-2018-19540Nov 26, 2018risk 0.00cvss —epss 0.02
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0,…
- CVE-2018-19539Nov 26, 2018risk 0.00cvss —epss 0.02
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
- CVE-2018-19543Nov 26, 2018risk 0.00cvss —epss 0.02
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
- CVE-2018-19541Nov 26, 2018risk 0.00cvss —epss 0.03
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0,…
- CVE-2018-19139Nov 9, 2018risk 0.00cvss —epss 0.02
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
- CVE-2018-18873Oct 31, 2018risk 0.00cvss —epss 0.01
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
- CVE-2008-3522Oct 2, 2008risk 0.00cvss —epss 0.05
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
- CVE-2008-3521Oct 2, 2008risk 0.00cvss —epss 0.00
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally…
- CVE-2008-3520Oct 2, 2008risk 0.00cvss —epss 0.03
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
Page 2 of 2