Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jasper Project Subscribe
Filtered by product Jasper
Total 97 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20584 3 Debian, Jasper Project, Oracle 3 Debian Linux, Jasper, Outside In Technology 2023-02-28 4.3 MEDIUM 6.5 MEDIUM
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
CVE-2008-3521 1 Jasper Project 1 Jasper 2023-02-12 7.2 HIGH N/A
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.
CVE-2022-2963 3 Fedoraproject, Jasper Project, Redhat 3 Fedora, Jasper, Enterprise Linux 2022-10-18 N/A 7.5 HIGH
A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.
CVE-2022-40755 1 Jasper Project 1 Jasper 2022-09-21 N/A 5.5 MEDIUM
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.
CVE-2020-27828 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2022-08-05 6.8 MEDIUM 7.8 HIGH
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
CVE-2015-8751 1 Jasper Project 1 Jasper 2022-01-14 6.8 MEDIUM 8.8 HIGH
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.
CVE-2021-27845 1 Jasper Project 1 Jasper 2021-09-07 4.3 MEDIUM 5.5 MEDIUM
A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c
CVE-2021-3467 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-03-30 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
CVE-2021-3443 3 Fedoraproject, Jasper Project, Redhat 3 Fedora, Jasper, Enterprise Linux 2021-03-30 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
CVE-2021-26927 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-03-23 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
CVE-2021-26926 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-03-22 5.8 MEDIUM 7.1 HIGH
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.
CVE-2016-9560 3 Debian, Jasper Project, Redhat 8 Debian Linux, Jasper, Enterprise Linux Desktop and 5 more 2021-03-15 6.8 MEDIUM 7.8 HIGH
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
CVE-2016-9398 4 Fedoraproject, Jasper Project, Opensuse and 1 more 6 Fedora, Jasper, Leap and 3 more 2021-02-22 5.0 MEDIUM 7.5 HIGH
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2017-1000050 4 Canonical, Fedoraproject, Jasper Project and 1 more 6 Ubuntu Linux, Fedora, Jasper and 3 more 2021-02-22 5.0 MEDIUM 7.5 HIGH
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
CVE-2016-9397 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-22 5.0 MEDIUM 7.5 HIGH
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9399 3 Fedoraproject, Jasper Project, Opensuse 3 Fedora, Jasper, Leap 2021-02-22 5.0 MEDIUM 7.5 HIGH
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2021-3272 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-12 4.3 MEDIUM 5.5 MEDIUM
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
CVE-2017-13750 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-05 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13751 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-05 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13749 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-05 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.