VYPR

Vendor CVEs

Jasper

All CVEs

74 total · sorted by risk
  • CVE-2016-8692MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.

  • CVE-2016-8691MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

  • CVE-2016-8690MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

  • CVE-2016-8883MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.01

    The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

  • CVE-2016-8882MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.02

    The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

  • CVE-2015-5221MedJul 25, 2017
    risk 0.29cvss 5.5epss 0.02

    Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

  • CVE-2009-3711Oct 16, 2009
    risk 0.08cvss epss 0.64

    Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

  • CVE-2009-4769Apr 20, 2010
    risk 0.06cvss epss 0.38

    Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote…

  • CVE-2009-4531Dec 31, 2009
    risk 0.04cvss epss 0.07

    httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.

  • CVE-2009-3663Oct 11, 2009
    risk 0.04cvss epss 0.15

    Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.

  • CVE-2014-8158Jan 26, 2015
    risk 0.01cvss epss 0.14

    Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

  • CVE-2014-8157Jan 26, 2015
    risk 0.01cvss epss 0.17

    Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

  • CVE-2014-8138Dec 24, 2014
    risk 0.01cvss epss 0.18

    Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

  • CVE-2014-8137Dec 24, 2014
    risk 0.01cvss epss 0.15

    Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

  • CVE-2014-9029Dec 8, 2014
    risk 0.01cvss epss 0.18

    Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.

  • CVE-2011-4517Dec 15, 2011
    risk 0.01cvss epss 0.11

    The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory…

  • CVE-2011-4516Dec 15, 2011
    risk 0.01cvss epss 0.11

    Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker…

  • CVE-2024-0419Jan 11, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been…

  • CVE-2021-27845Jul 15, 2021
    risk 0.00cvss epss 0.01

    A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c

  • CVE-2009-4770Apr 20, 2010
    risk 0.00cvss epss 0.01

    The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.

  • CVE-2008-3522Oct 2, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

  • CVE-2008-3521Oct 2, 2008
    risk 0.00cvss epss 0.00

    Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally…

  • CVE-2008-3520Oct 2, 2008
    risk 0.00cvss epss 0.03

    Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.

  • CVE-2007-2721May 16, 2007
    risk 0.00cvss epss 0.02

    The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using…

Page 2 of 2