SUSE CVE-2016-8690

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted BMP image in an imginfo command...

SUSE CVE-2016-8691

The jpcdecprocesssiz function in libjasper/jpc/jpcdec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted XRsiz value in a BMP image to the imginfo command...

SUSE CVE-2016-8692

The jpcdecprocesssiz function in libjasper/jpc/jpcdec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted YRsiz value in a BMP image to the imginfo command...

Double-Free Vulnerability

JasPer is vulnerable to double free vulnerability. A remote attacker could cause an application crash or possibly execute arbitrary code via a crafted BMP image to the imginfo command. Affected by this issue is the function memclose of the file jasstream.c of the component imginfo...

Denial Of Service (DoS) Through Divide By Zero

JasPer is vulnerable to denial of service attacks. A remote attacker could cause an application crash via a crafted YRsiz value in a BMP image to the imginfo command. Affected by this vulnerability is the function jpcdecprocesssiz of the file libjasper/jpc/jpcdec.c of the component imginfo...

NULL Pointer Dereference

JasPer is vulnerable to NULL pointer dereference. A remote attacker could cause denial of service via a crafted BMP image in an imginfo command. This issue affects the function bmpgetdata of the file libjasper/bmp/bmpdec.c of the component imginfo...

Denial Of Service (DoS) Through Divide By Zero

JasPer is vulnerable to denial of service attacks. A remote attacker could cause an application crash via a crafted XRsiz value in a BMP image to the imginfo command. Affected is the function jpcdecprocesssiz of the file libjasper/jpc/jpcdec.c of the component imginfo...

jasper: missing jas_matrix_create() parameter checks

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted BMP image in an imginfo command...

jasper: incorrect handling of bufsize 0 in mem_resize()

Double free vulnerability in the memclose function in jasstream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted BMP image to the imginfo command...

Null pointer dereference

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service NULL pointer dereference by calling the imginfo command with a crafted BMP image...

CVE-2016-8885

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service NULL pointer dereference by calling the imginfo command with a crafted BMP image...

CVE-2016-8885

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service NULL pointer dereference by calling the imginfo command with a crafted BMP image...

CVE-2016-8885

CVE-2016-8885 affects the JasPer JPEG-2000 library. The NULL pointer dereference in bmp_getdata (libjasper/bmp/bmp_dec.c) can be triggered by a crafted BMP image via the imginfo command, leading to a denial of service. The description in the initial and linked advisories indicates this family of ...

Command injection

The jpcdecprocesssiz function in libjasper/jpc/jpcdec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted XRsiz value in a BMP image to the imginfo command...

UBUNTU-CVE-2016-8690

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted BMP image in an imginfo command...

CVE-2016-8690

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted BMP image in an imginfo command...

Command injection

The jpcdecprocesssiz function in libjasper/jpc/jpcdec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted YRsiz value in a BMP image to the imginfo command...

Null pointer dereference

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted BMP image in an imginfo command...

Double free

Double free vulnerability in the memclose function in jasstream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted BMP image to the imginfo command...

CVE-2016-8691

CVE-2016-8691 affects the JasPer JPEG-2000 library. The issue is a divide-by-zero in jpc_dec_process_siz triggered by a crafted BMP image (XRsiz value) used with the imginfo command, leading to denial of service (application crash). Public advisories confirm JasPer upstream fixes and distro updat...