Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jasper Project Subscribe
Filtered by product Jasper
Total 97 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8157 4 Debian, Jasper Project, Opensuse and 1 more 4 Debian Linux, Jasper, Opensuse and 1 more 2018-10-30 7.5 HIGH N/A
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
CVE-2014-8158 4 Debian, Jasper Project, Opensuse and 1 more 4 Debian Linux, Jasper, Opensuse and 1 more 2018-10-30 6.8 MEDIUM N/A
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
CVE-2016-8693 3 Fedoraproject, Jasper Project, Opensuse 3 Fedora, Jasper, Opensuse 2018-10-30 6.8 MEDIUM 7.8 HIGH
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
CVE-2014-9029 1 Jasper Project 1 Jasper 2018-10-09 7.5 HIGH N/A
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
CVE-2016-9390 1 Jasper Project 1 Jasper 2018-06-28 4.3 MEDIUM 5.5 MEDIUM
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVE-2016-9393 1 Jasper Project 1 Jasper 2018-06-28 4.3 MEDIUM 5.5 MEDIUM
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9391 1 Jasper Project 1 Jasper 2018-06-28 5.0 MEDIUM 7.5 HIGH
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
CVE-2016-9388 1 Jasper Project 1 Jasper 2018-06-28 4.3 MEDIUM 5.5 MEDIUM
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVE-2016-9387 1 Jasper Project 1 Jasper 2018-06-28 6.8 MEDIUM 7.8 HIGH
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
CVE-2016-9262 1 Jasper Project 1 Jasper 2018-06-28 4.3 MEDIUM 5.5 MEDIUM
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
CVE-2016-8887 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2018-06-28 4.3 MEDIUM 5.5 MEDIUM
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVE-2016-8883 1 Jasper Project 1 Jasper 2018-06-28 4.3 MEDIUM 5.5 MEDIUM
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2017-6850 1 Jasper Project 1 Jasper 2018-06-28 4.3 MEDIUM 5.5 MEDIUM
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
CVE-2016-10250 1 Jasper Project 1 Jasper 2018-06-28 5.0 MEDIUM 7.5 HIGH
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
CVE-2016-10248 1 Jasper Project 1 Jasper 2018-06-28 5.0 MEDIUM 7.5 HIGH
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
CVE-2016-9394 1 Jasper Project 1 Jasper 2018-06-28 4.3 MEDIUM 5.5 MEDIUM
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-8884 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2018-01-04 4.3 MEDIUM 5.5 MEDIUM
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
CVE-2016-8885 1 Jasper Project 1 Jasper 2018-01-04 4.3 MEDIUM 5.5 MEDIUM
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
CVE-2016-8692 3 Debian, Fedoraproject, Jasper Project 3 Debian Linux, Fedora, Jasper 2018-01-04 4.3 MEDIUM 5.5 MEDIUM
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
CVE-2016-8691 3 Debian, Fedoraproject, Jasper Project 3 Debian Linux, Fedora, Jasper 2018-01-04 4.3 MEDIUM 5.5 MEDIUM
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.