MiracleLinux 7 : jasper-1.900.1-33.el7 (AXSA:2019-3676:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3676:01 advisory. jasper: reachable assertion in JPCNOMINALGAIN CVE-2016-9396 jasper: NULL pointer exception in jp2encode CVE-2017-1000050 Tenable has extracted the...

Amazon Linux 2 : jasper (ALAS-2023-2018)

The version of jasper installed on the remote host is prior to 1.900.1-33. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2018 advisory. A flaw was found in the Jasper tool's jpc encoder. This flaw allows an attacker to craft input provided to Jasper, causi...

Debian: Security Advisory (DLA-1583-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3785-1 : jasper - security update

Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

DLA-739-1 jasper - security update

Bulletin has no description...

JasPer Remote Code Execution Vulnerability

JasPer is a Canadian software developer Michael Adams developed an open source implementation of the JPEG-2000 codec. A remote code execution vulnerability exists in JasPer versions 1.900.1, 1.900.3, and 1.900.4. An attacker could use this vulnerability to execute arbitrary code in the context of...

CVE-2016-1577

Double free vulnerability in the jasiccattrvaldestroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137...

CVE-2016-2116

Memory leak in the jasiccprofcreatefrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service memory consumption via a crafted ICC color profile in a JPEG 2000 image file...

CVE-2016-2089

The jasmatrixclip function in jasseq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service invalid read and application crash via a crafted JPEG 2000 image...

CVE-2016-2089

The jasmatrixclip function in jasseq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service invalid read and application crash via a crafted JPEG 2000 image...

JasPer Denial of Service Vulnerability

JasPer a report generation tool. A denial of service vulnerability exists in JasPer version 1.900.1 that allows remote attackers to cause a denial of service via a crafted JPEG 2000 image...

CVE-2016-1867

The CVE entry CVE-2016-1867 describes a denial-of-service via an out-of-bounds read in JasPer 1.900.1 when processing crafted JPEG 2000 images. Connected sources show a wider set of JasPer vulnerabilities affecting multiple products across distributions (CVE-2015-5203, -5221, -2016-8654, -2016-86...

Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the jasper package up to version 1.900.1-r3 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

jasper: possible buffer overflow in jas_stream_printf()

Buffer overflow in the jasstreamprintf function in libjasper/base/jasstream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mifhdrput function and use of vsprintf...

UBUNTU-CVE-2014-8158

Multiple stack-based buffer overflows in jpcqmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted JPEG 2000 image...

CVE-2014-8158

Multiple stack-based buffer overflows in jpcqmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted JPEG 2000 image...

CVE-2014-8157

Off-by-one error in the jpcdecprocesssot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow...

Fedora 21 : jasper-1.900.1-29.fc21 (2014-16292)

Fixes various flaws: CVE-2014-9029, CVE-2014-8138, CVE-2014-8137 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing addition...

UBUNTU-CVE-2014-8137

Double free vulnerability in the jasiccattrvaldestroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file...

DLA-121-1 jasper - security update

Bulletin has no description...