SUSE CVE-2017-5502

libjasper/jp2/jp2dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service crash via vectors involving left shift of a negative value...

SUSE-SU-2020:2057-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - Add 0019-FLI-overflow-error-fix-and-testcase.patch Fixes CVE-2016-0775, bsc965582 - Add 0020-Fix-OOB-reads-in-FLI-decoding.patch Fixes CVE-2020-10177, bsc1173413 - Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch Fixes...

jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_

JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash...

CVE-2015-8662

The ffdwtdecode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...

jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)

An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code...

jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer such as Nautilus to crash or, potentially, execute arbitrary cod...