124 matches found
EUVD-2018-11229
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-5501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in libjasper/jpc/jpctsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service crash via a crafted file. CVE-2017-5501 Note...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free via the jpcdecdump and jpcdectilefini functions in the libjasper/jpc/jpcdec.c file. An attacker can execute arbitrary code or cause a denial of service by triggering access to memory after it has been freed. Remediation A...
Divide By Zero
libjasper.so is vulnerable to Denial of Service DoS. The vulnerability is due to missing bound checks in the jpcenc.c file, which can result in a divide by zero bug leading to a Denial of Service DoS...
SUSE CVE-2016-9387
Integer overflow in the jpcdecprocesssiz function in libjasper/jpc/jpcdec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure...
SUSE CVE-2017-14132
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6,...
SUSE CVE-2018-9055
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpcfirstone in libjasper/jpc/jpcmath.c...
CVE-2022-40755
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jasimage.c...
CVE-2022-40755
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jasimage.c...
CVE-2022-40755
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jasimage.c...
Mageia: Security Advisory (MGASA-2021-0113)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
...
Design/Logic Flaw
A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpcenc.c...
CVE-2021-27845
A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpcenc.c...
SUSE SLES11 Security Update : jasper (SUSE-SU-2021:14627-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14627-1 advisory. - There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary...
SUSE: Security Advisory (SUSE-SU-2015:0016-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3272
jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...
CVE-2021-3272
jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...
Heap overflow
jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...
CVE-2021-3272
CVE-2021-3272 affects the Jasper JPEG-2000 library. The issue is in jp2_decode() of libjasper (JasPer 2.0.24) where a heap-based buffer over-read can occur when there is an invalid relationship between the number of channels and the number of image components. This can lead to information disclos...