CVE-2016-9393
CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c within JasPer before 1.900.17 can cause a denial of service (assertion failure) when processing a crafted file. This is the only vulnerability described in the initial entry; the connected documents corroborate JasPer-related CVEs but do...
CVE-2016-9393
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file...
CVE-2016-9391
JasPer (CVE-2016-9391): The jpc_bitstream_getbits function in jpc_bs.c of JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer. This is asserted under the CVE-2016-9391 entry and is corroborated by connected Nessus/NVD referenc...
CVE-2016-9387
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure...
CVE-2016-9394
CVE-2016-9394 affects JasPer JPEG-2000 library. The jas_seq2d_create function in jas_seq.c is vulnerable to assertion-failure denial of service when processing crafted image files, for JasPer versions before 1.900.17. The connected documents corroborate that historical JasPer vulnerabilities incl...
CVE-2016-9396
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors...
CVE-2016-9389
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure)...
CVE-2016-9398
CVE-2016-9398 affects JasPer: the jpc_floorlog2 function in jpc_math.c is vulnerable in versions before 1.900.17, allowing remote attackers to trigger a denial of service (assertion failure) via unspecified vectors. Connected documents confirm the affected component and impact; no remediation det...
CVE-2016-9388
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file...
CVE-2016-9392
CVE-2016-9392 affects the JasPer JPEG 2000 library. The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows a crafted file to trigger an assertion failure, causing a denial of service. Affected are JasPer versions earlier than 1.900.17; remediation is to upgrade to 1.900.17 or ne...
CVE-2016-9391
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer...
CVE-2016-9389
CVE-2016-9389 affects JasPer library; the flaw is in the jpc_irct and jpc_iict functions of jpc_mct.c, allowing remote denial of service via assertion failure when using JasPer versions before 1.900.14. The issue is concrete and tied to the library version and specific functions. A fix is to upgr...
CVE-2016-9390
CVE-2016-9390 – JasPer JPEG 2000 library: The vulnerability is in jas_seq2d_create in JasPer before 1.900.14, where a crafted image file can trigger an assertion failure and cause a denial of service. Affected component is the JasPer library’s JPEG 2000 handling; root cause is an assertion failu...
CVE-2016-9399
CVE-2016-9399 affects JasPer, with the description noting a vulnerability in the calcstepsizes function of jpc_dec.c in JasPer 1.900.22 that allows remote denial of service via assertion failure. Connected documents (Red Hat advisories and OpenVAS entries) list CVE-2016-9399 among JasPer-related ...
CVE-2016-5749
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack...
Design/Logic Flaw
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester...
CVE-2016-5752
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester...
CVE-2016-9394
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file...