15 matches found
MiracleLinux 7 : jasper-1.900.1-33.0.2.el7.AXS7 (AXSA:2025-10995:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10995:02 advisory. CVE-2025-8837: fix use-after-free vulnerability in jpc_dec_dump. CVEs: CVE-2025-8837. A vulnerability was identified in JasPer up to 4.2.5. This affects the...
CLSA-2025-1760026282 jasper: Fix of CVE-2025-8837
CVE-2025-8837: fix use-after-free vulnerability in jpc_dec_dump...
CLSA-2025-1759864646 jasper: Fix of CVE-2025-8837
CVE-2025-8837: fix use-after-free vulnerability in jpc_dec_dump...
CVE-2025-8837
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free via the jpc_dec_dump and jpc_dec_tilefini functions in the libjasper/jpc/jpc_dec.c file. An attacker can execute arbitrary code or cause a denial of service by triggering access to memory after it has been freed. Remediation: A...
AZL-66198 CVE-2025-8837 affecting package jasper for versions less than 2.0.32-5
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public...
CVE-2025-8837 JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public...
PT-2025-32530
Name of the Vulnerable Software and Affected Versions: JasPer versions up to 4.2.5. Description: A use-after-free vulnerability exists in JasPer up to version 4.2.5. The issue affects the jpc_dec_dump function within the JPEG2000 File Handler component, located in the file src/libjasper/jpc/jpc...
SUSE CVE-2017-5500
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value...
SUSE CVE-2017-13746
There is a reachable assertion abort in the function jpc_dec_process_siz in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack...
SUSE CVE-2017-13745
There is a reachable assertion abort in the function jpc_dec_process_sot in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154...
SUSE CVE-2017-13750
There is a reachable assertion abort in the function jpc_dec_process_siz in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack...
JasPer integer overflow vulnerability (CNVD-2017-03801)
JasPer is an open source implementation of the JPEG-2000 codec developed by Canadian software developer Michael Adams. An integer overflow vulnerability exists in the jpc_dec_tiledecode function in the jpc_dec.c file in versions of JasPer prior to 1.900.12. A remote attacker could exploit this...
UBUNTU-CVE-2016-8691
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command...
UBUNTU-CVE-2016-8882
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file...