101 matches found
CVE-2020-27828
CVE-2020-27828 (Jasper) is described in connected data as a heap-based buffer overflow in the jpc_enc.c cp_create() path, arising from crafted input. In the CP4S advisory, affected products are Cloud Pak for Security (CP4S) 1.8.1.0, 1.8.0.0, and 1.7.2.0. IBM recommends upgrading to CP4S 1.9.0.0 t...
CVE-2018-19542
CVE-2018-19542 affects JasPer 2.0.14. The vulnerability is a NULL pointer dereference in jp2_decode (libjasper/jp2/jp2_dec.c) that leads to a denial of service. The connected documents confirm the issue and cite unpatched status on several Red Hat releases (RHEL 6/7/8) via Nessus entries, but do ...
CVE-2018-18873
CVE-2018-18873 affects JasPer 2.0.14 with a NULL pointer dereference in ras_putdatastd (ras_enc.c), which can cause a crash. The Connected documents confirm the vulnerability and its presence in JasPer 2.0.14 but do not provide a specific patch version or remediation details in the supplied mater...
CVE-2011-4516
CVE-2011-4516 affects JasPer, specifically the heap-based buffer overflow in the function jpc_cox_getcompparms (libjasper/jpc/jpc_cs.c) within JasPer 1.900.1. A crafted value in a COD (coding style default) marker segment of a JPEG2000 file can cause remote code execution or memory corruption, po...
CVE-2021-3272
CVE-2021-3272 affects the Jasper JPEG-2000 library. The issue is in jp2_decode() of libjasper (JasPer 2.0.24) where a heap-based buffer over-read can occur when there is an invalid relationship between the number of channels and the number of image components. This can lead to information disclos...
CVE-2017-9782
CVE-2017-9782 affects JasPer 2.0.12, allowing a remote attacker to cause a heap-based buffer over-read in jp2_decode when processing a crafted JPEG-2000 image, leading to application crash or denial of service. Public advisories (Ubuntu USN-4688-1) and vendor security notes indicate unpatched dep...
CVE-2018-19139
CVE-2018-19139 affects JasPer 2.0.14 with a memory leak in jas_malloc.c (called from jpc_unk_getparms in jpc_cs.c). Public details in the initial document confirm the memory leak, while connected entries corroborate that multiple vendors/distributions have published fixes or mitigations. Practica...
CVE-2016-9396
CVE-2016-9396 and CVE-2017-1000050 affect JasPer, with confirmed issues in JPC_NOMINALGAIN() and jp2_encode() that can lead to denial of service. Public disclosures and updates reference JasPer vulnerabilities across multiple vendors/advisories (e.g., USN-3693-1, RHSA-2018:3253, CentOS advisory, ...
CVE-2018-19539
CVE-2018-19539 (JasPer 2.0.14) : An access violation in libjasper/base/jas_image.c:jas_image_readcmpt can cause a denial of service. Affected component is jas_image_readcmpt in JasPer 2.0.14; root cause is an access violation leading to crash/DoS. Public remediation/fix details are not provided i...
CVE-2018-20570
CVE-2018-20570 affects JasPer 2.0.14: jp2_encode in libjasper jp2_enc.c experiences a heap-based buffer over-read, with potential crash/denial of service (CVSS3: high availability impact; network exposure). Connected sources corroborate the vulnerability and list unpatched/affected environments i...
CVE-2018-19541
CVE-2018-19541 : A heap-based buffer over-read of size 8 exists in the function jas_image_depalettize (libjasper/base/jas_image.c) in JasPer, affecting versions from 1.900.8 up to 2.0.16 listed in the Initial document. The vulnerability can cause a crash and may enable memory access issues. The C...
CVE-2017-14132
CVE-2017-14132 affects JasPer 1.900.8–1.900.31 and 2.0.0–2.0.16. A crafted image can trigger a heap-based buffer over-read in the function jas_image_ishomosamp (libjasper/base/jas_image.c), allowing remote attackers to cause an application crash (denial of service). The vulnerability is triggered...
CVE-2016-9583
CVE-2016-9583 affects the JasPer JPEG-2000 library. The vulnerability is an out-of-bounds heap read in the jpc_pi_nextpcrl() function when processing crafted input, and affects Jasper versions prior to 2.0.6. Potential impact is application crash due to invalid memory access. Remediation: upgrade...
CVE-2018-20622
CVE-2018-20622 affects JasPer 2.0.14 and is due to a memory leak in base/jas_malloc.c in libjasper.a when using "--output-format jp2". Public docs consistently identify the vulnerability as a memory leak rather than a direct crash or code execution vector; no exploit details or attack vectors are...
CVE-2011-4517
CVE-2011-4517 affects JasPer 1.900.1 used for JPEG-2000 decoding. The flaw is in libjasper/jpc/jpc_cs.c: jpc_crg_getparms uses an incorrect data type during a size calculation, enabling remote attackers to trigger a heap-based buffer overflow via a crafted CRG marker segment in a JPEG2000 file. C...
CVE-2018-19540
CVE-2018-19540 : In JasPer, there is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input (libjasper/base/jas_icc.c). Reported vulnerable versions include 1.900.8–1.900.31 and 2.0.0–2.0.16. The connected documents do not provide an explicit exploit path or patch details wit...
CVE-2018-9154
JasPer 2.0.14 contains a reachable abort in jpc_dec_process_sot() in libjasper/jpc/jpc_dec.c, which can be triggered by a crafted input to cause remote denial of service. This is described as a different vulnerability from CVE-2017-13745; the connected documents do not provide further exploit det...
CVE-2016-10251
CVE-2016-10251 : JasPer 1.900.x before 1.900.20 contains an integer overflow in jpc_pi_nextcprl (jpc_t2cod.c). Crafting a JPEG 2000 file can trigger use of an uninitialized value, with unspecified impact. Affected software versions: JasPer up to but not including 1.900.20. Remediation: upgrade to...
CVE-2017-1000050
CVE-2017-1000050 affects JasPer 2.0.12, with a NULL pointer dereference in jp2_encode leading to denial of service. Public advisories (IBM PowerKVM bulletin, Red Hat/CentOS/CentOS advisories, ALAS) confirm remediation via upgrading JasPer to newer versions (e.g., 2.0.24 and beyond) and applying v...
CVE-2017-5505
CVE-2017-5505 (and related Jasper/JasPer flaws) is documented across multiple open-source and vendor advisories as affecting JasPer up to version 1.900.27 (and related 2.x branches). The core issue cited is an invalid memory read/write and crash via crafted images in jas_matrix_asl (jas_seq.c) an...
CVE-2016-9399
CVE-2016-9399 affects JasPer, with the description noting a vulnerability in the calcstepsizes function of jpc_dec.c in JasPer 1.900.22 that allows remote denial of service via assertion failure. Connected documents (Red Hat advisories and OpenVAS entries) list CVE-2016-9399 among Jasper-related ...
CVE-2014-9029
CVE-2014-9029 affects JasPer 1.900.1 and earlier; multiple off-by-one/heap-based overflow in jpc_dec_cp_setfromcox and jpc_dec_cp_setfromrgn (and related JP2 decoding paths) could allow remote code execution via a crafted JPEG 2000 file. Public advisories report patched releases; mitigate by upgr...
CVE-2017-5504
CVE-2017-5504 is a vulnerability in JasPer where the function jpc_undo_roi in libjasper/jpc/jpc_dec.c (present in JasPer 1.900.27) can be exploited by a crafted image to cause a denial of service via an invalid memory read/crash. The connected documents indicate this CVE is discussed within Jaspe...
CVE-2018-19543
CVE-2018-19543 affects JasPer 2.0.14. The issue is a heap-based buffer over-read of size 8 in jp2_decode (libjasper/jp2/jp2_dec.c). Exploitation details, impact, affected platforms, and fixes are not provided beyond this description in the initial document. References to Jasper-related advisories...
CVE-2016-9398
CVE-2016-9398 affects JasPer: the jpc_floorlog2 function in jpc_math.c is vulnerable in versions before 1.900.17, allowing remote attackers to trigger a denial of service (assertion failure) via unspecified vectors. Connected documents confirm the affected component and impact; no remediation det...
CVE-2017-5503
CVE-2017-5503 affects JasPer library (JasPer 1.900.27) in the dec_clnpass path (libjasper/jpc/jpc_t1dec.c). A crafted image can trigger a denial of service via an invalid memory write, potentially with additional impact. Connected advisories confirm the same vulnerability across multiple vendor f...
CVE-2021-26926
CVE-2021-26926 affects Jasper (JasPer) up to version 2.0.25, with an out-of-bounds read in jp2_decode that can disclose information or crash the program. Affected: JasPer library; root cause: out-of-bounds read in JP2 decoding path. Impact: information disclosure and potential denial of service v...
CVE-2017-5499
CVE-2017-5499 affects JasPer’s libjasper (jpc_dec.c) with an integer overflow in the JPC decoder ( JasPer 1.900.17 ), enabling a crafted file to trigger denial of service (crash). Public sources in the connected docs identify the vulnerable component (libjasper/jpc/jpc_dec.c) and note that severa...
CVE-2018-9252
CVE-2018-9252 affects JasPer 2.0.14. The vulnerability is in the function jpc_abstorelstepsize of libjasper/jpc/jpc_enc.c, where a reachable assertion can cause denial of service. The issue is documented across multiple sources (e.g., Red Hat/Nessus feeds) as part of unpatched Jasper packages for...
CVE-2015-5221
CVE-2015-5221 is a vulnerability in the JasPer JPEG-2000 library (libjasper/mif/mif_cod.c, function mif_process_cmpt). Multiple connected sources confirm a memory safety issue in this area: the core flaw is described as a use-after-free or memory misreference in the mif_process_cmpt path, exploit...
CVE-2015-5203
CVE-2015-5203 is a double-free flaw in JasPer’s jasper_image_stop_load() used when processing certain JPEG 2000 images. Backed by multiple connected advisories, this vulnerability can allow a remote attacker to crash an application or, in some reports, potentially execute arbitrary code. Affected...
CVE-2016-8690
CVE-2016-8690 : The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer versions before 1.900.5 is vulnerable to a denial-of-service via a crafted BMP image in an imginfo command, caused by a NULL pointer dereference. Affected software can crash or become unresponsive when processing such i...
CVE-2021-26927
CVE-2021-26927 : Jasper is vulnerable to a denial of service due to a NULL pointer dereference in jp2_decode (jp2_dec.c). The issue affects Jasper up to version before 2.0.25; triggering with a specially crafted file can cause the program to crash. The provided sources describe the vulnerability ...
CVE-2016-8884
CVE-2016-8884 affects JasPer 1.900.5 (and related builds) with a NULL pointer dereference in bmp_getdata (libjasper/bmp/bmp_dec.c) that can be triggered by imginfo on a crafted BMP image, causing a denial of service. This issue is noted as stemming from an incomplete fix for CVE-2016-8690. Public...
CVE-2014-8137
CVE-2014-8137: JasPer 1.900.1 and earlier contain a double-free in jas_iccattrval_destroy, allowing remote attackers to crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image. Affected: JasPer up to 1.900.1 and earlier. Remediation: upgrade to a newer JasPer...
CVE-2014-8157
JasPer (JPEG-2000 reference implementation) is affected by CVE-2014-8157 due to an off-by-one error in jpc_dec_process_sot that can cause a heap-based buffer overflow. A crafted JPEG 2000 image could lead to a crash or, in some cases, remote arbitrary code execution. Affected releases are JasPer ...
CVE-2016-9591
JasPer before 2.0.12 is vulnerable to a use-after-free during decoding of certain JPEG 2000 files, which can crash the host process. CVE-2016-9591 is the primary issue; related CVEs in the same family (e.g., CVE-2016-10249, CVE-2016-10251, CVE-2016-8654, CVE-2016-9560, CVE-2016-1867, CVE-2016-208...
CVE-2016-2089
JasPer 1.900.1 and earlier contains CVE-2016-2089 in jas_matrix_clip (jas_seq.c): a crafted JPEG 2000 image can trigger an invalid read leading to remote denial of service (application crash). Public advisories and vendor notes confirm multiple JasPer-related CVEs with this and related variants, ...
CVE-2016-8654
CVE-2016-8654 is a JasPer/JPC-codec vulnerability where a heap-buffer overflow occurs due to an undersized QMFB buffer. It affects Jasper versions before 2.0.0. Remediation is to upgrade Jasper to a fixed version (≥2.0.0); various advisories (CentOS CESA-2017:1208, IBM PowerKVM bulletin, Cloud Fo...
CVE-2016-10249
CVE-2016-10249 affects JasPer (JPEG 2000 library). The vulnerable component is the jpc_dec_tiledecode function in jpc_dec.c, where an integer overflow can occur during decoding of a crafted image, triggering a heap-based buffer overflow. This can lead to a crash or potential arbitrary code execut...
CVE-2016-8691
CVE-2016-8691 affects the JasPer JPEG-2000 library. The issue is a divide-by-zero in jpc_dec_process_siz triggered by a crafted BMP image (XRsiz value) used with the imginfo command, leading to denial of service (application crash). Public advisories confirm JasPer upstream fixes and distro updat...
CVE-2014-8138
CVE-2014-8138 is a heap overflow in the jp2_decode function of JasPer 1.900.1 and earlier. A crafted JPEG 2000 file can cause a crash or possibly allow remote code execution. Multiple vendor advisories reference this CVE and track fixes in JasPer updates (e.g., openSUSE, Oracle/RH EL, and Linux d...
CVE-2016-9560
CVE-2016-9560 describes a stack-based buffer overflow in the JasPer JPEG-2000 library. The overflow occurs in the function jpc_tsfb_getbands2 inside jpc_tsfb.c and affects JasPer before version 1.900.30 . An attacker could trigger the overflow by supplying a crafted image, with the impact describ...
CVE-2017-13748
CVE-2017-13748 : JasPer 2.0.12 contains memory leaks triggered by jas_strdup() in base/jas_string.c, leading to remote denial of service. The initial description and connected feeds identify this as the primary CVE, with various Nessus/OpenVAS records listing many JasPer-related issues (often mul...
CVE-2016-8885
CVE-2016-8885 affects the JasPer JPEG-2000 library. The NULL pointer dereference in bmp_getdata (libjasper/bmp/bmp_dec.c) can be triggered by a crafted BMP image via the imginfo command, leading to a denial of service. The description in the initial and linked advisories indicates this family of ...
CVE-2016-8692
CVE-2016-8692 - JasPer before 1.900.4 is vulnerable to a denial of service via a crafted BMP image. The issue is a divide-by-zero error in jpc_dec_process_siz exploited when a malicious YRsiz value is processed by the imginfo command, leading to application crash. Affected component: JasPer JPEG ...
CVE-2014-8158
JasPer 1.900.1 and earlier contain multiple stack-based buffer overflows in jpc_qmfb.c, enabling remote attackers to crash or possibly execute arbitrary code via crafted JPEG 2000 images. The issue (CVE-2014-8158) affects the JasPer JPEG-2000 library; impact is a denial of service and potential c...
CVE-2021-3443
CVE-2021-3443 describes a NULL pointer dereference in Jasper’s JP2 image format decoder. A crafted JP2 file could cause an application using the Jasper library to crash. The description indicates the flaw exists in Jasper versions prior to 2.0.27. There is no explicit exploitation status, affecte...
CVE-2018-20584
CVE-2018-20584 affects JasPer 2.0.14 and can cause a remote denial of service (application hang) when converting to JP2. Connected sources indicate IBM Rational Synergy products are affected (7.2.1.x series) and provide a remediation path: upgrade to Rational Synergy 7.2.2 to gain Jetty 9.4.14 su...
CVE-2016-1577
Summary: CVE-2016-1577 is a double‑free vulnerability in JasPer’s jas_iccattrval_destroy function, affecting JasPer 1.900.1 and earlier. A crafted ICC color profile within a JPEG 2000 image can cause a crash or, potentially, arbitrary code execution. Impact (per sources): denial of service with c...