Filtered by vendor Jasper Project
Total: 97 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20584 | 3 Debian, Jasper Project, Oracle | 3 Debian Linux, Jasper, Outside In Technology | 2023-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | |||||
CVE-2008-3521 | 1 Jasper Project | 1 Jasper | 2023-02-12 | 7.2 HIGH | N/A |
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion. | |||||
CVE-2022-2963 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2022-10-18 | N/A | 7.5 HIGH |
A vulnerability was found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. | |||||
CVE-2022-40755 | 1 Jasper Project | 1 Jasper | 2022-09-21 | N/A | 5.5 MEDIUM |
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. | |||||
CVE-2020-27828 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2022-08-05 | 6.8 MEDIUM | 7.8 HIGH |
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. | |||||
CVE-2015-8751 | 1 Jasper Project | 1 Jasper | 2022-01-14 | 6.8 MEDIUM | 8.8 HIGH |
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. | |||||
CVE-2021-27845 | 1 Jasper Project | 1 Jasper | 2021-09-07 | 4.3 MEDIUM | 5.5 MEDIUM |
A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c | |||||
CVE-2021-3467 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-03-30 | 4.3 MEDIUM | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. | |||||
CVE-2021-3443 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2021-03-30 | 4.3 MEDIUM | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. | |||||
CVE-2021-26927 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-03-23 | 4.3 MEDIUM | 5.5 MEDIUM |
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service. | |||||
CVE-2021-26926 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-03-22 | 5.8 MEDIUM | 7.1 HIGH |
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function which may lead to disclosure of information or program crash. | |||||
CVE-2016-9560 | 3 Debian, Jasper Project, Redhat | 8 Debian Linux, Jasper, Enterprise Linux Desktop and 5 more | 2021-03-15 | 6.8 MEDIUM | 7.8 HIGH |
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. | |||||
CVE-2016-9398 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 6 Fedora, Jasper, Leap and 3 more | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
CVE-2017-1000050 | 4 Canonical, Fedoraproject, Jasper Project and 1 more | 6 Ubuntu Linux, Fedora, Jasper and 3 more | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | |||||
CVE-2016-9397 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
CVE-2016-9399 | 3 Fedoraproject, Jasper Project, Opensuse | 3 Fedora, Jasper, Leap | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
CVE-2021-3272 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-12 | 4.3 MEDIUM | 5.5 MEDIUM |
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. | |||||
CVE-2017-13750 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-13751 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-13749 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |