Jasper Security Vulnerabilities and Issues — Jasper CVE List

Lucene search

Jasper ProjectJasper

99 matches found

CVE•added 2020/12/11 4:15 a.m.•248 views

CVE-2020-27828

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

7.8CVSS7.3AI score0.00158EPSS

CVE•added 2018/11/26 3:29 a.m.•226 views

CVE-2018-19542

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

6.5CVSS6.5AI score0.01029EPSS

CVE•added 2018/10/31 4:29 p.m.•213 views

CVE-2018-18873

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

5.5CVSS6.1AI score0.00493EPSS

CVE•added 2017/06/21 8:29 p.m.•184 views

CVE-2017-9782

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.

5.5CVSS5.9AI score0.00442EPSS

CVE•added 2018/11/09 9:29 p.m.•177 views

CVE-2018-19139

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

5.5CVSS6.1AI score0.00493EPSS

CVE•added 2011/12/15 3:57 a.m.•175 views

CVE-2011-4516

Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 fi...

6.8CVSS5.4AI score0.47823EPSS

CVE•added 2021/01/27 8:15 a.m.•174 views

CVE-2021-3272

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

5.5CVSS6.3AI score0.00071EPSS

CVE•added 2017/09/04 8:29 p.m.•171 views

CVE-2017-14132

JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7...

6.5CVSS6.4AI score0.01036EPSS

CVE•added 2018/12/28 4:29 p.m.•170 views

CVE-2018-20570

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

6.5CVSS6.8AI score0.01024EPSS

CVE•added 2018/11/26 3:29 a.m.•169 views

CVE-2018-19539

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

6.5CVSS6.5AI score0.01026EPSS

CVE•added 2018/12/31 7:29 p.m.•169 views

CVE-2018-20622

JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.

6.5CVSS6.6AI score0.01503EPSS

CVE•added 2018/11/26 3:29 a.m.•168 views

CVE-2018-19541

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3,...

8.8CVSS7.2AI score0.01249EPSS

CVE•added 2018/08/01 5:29 p.m.•167 views

CVE-2016-9583

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

7.8CVSS7.4AI score0.00318EPSS

CVE•added 2017/03/23 6:59 p.m.•164 views

CVE-2016-9396

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.

7.5CVSS7.1AI score0.04636EPSS

CVE•added 2018/11/26 3:29 a.m.•156 views

CVE-2018-19540

8.8CVSS7.4AI score0.00782EPSS

CVE•added 2011/12/15 3:57 a.m.•152 views

CVE-2011-4517

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a cra...

6.8CVSS5AI score0.4213EPSS

CVE•added 2018/05/04 9:29 p.m.•151 views

CVE-2018-9154

There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.

7.5CVSS7.2AI score0.00486EPSS

CVE•added 2017/03/16 3:59 p.m.•142 views

CVE-2017-5505

The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

5.5CVSS5.8AI score0.00404EPSS

CVE•added 2017/03/15 2:59 p.m.•140 views

CVE-2016-10251

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.

7.8CVSS7.8AI score0.00815EPSS

CVE•added 2017/07/17 1:18 p.m.•140 views

CVE-2017-1000050

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

7.5CVSS7.2AI score0.01605EPSS

CVE•added 2018/11/26 3:29 a.m.•138 views

CVE-2018-19543

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

7.8CVSS7.4AI score0.00365EPSS

CVE•added 2017/03/23 6:59 p.m.•137 views

CVE-2016-9399

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

7.5CVSS7AI score0.02137EPSS

CVE•added 2017/03/01 3:59 p.m.•135 views

CVE-2017-5504

The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

5.5CVSS5.8AI score0.00462EPSS

CVE•added 2017/03/01 3:59 p.m.•134 views

CVE-2017-5503

The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.

5.5CVSS6.7AI score0.00444EPSS

CVE•added 2017/03/23 6:59 p.m.•132 views

CVE-2016-9398

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

7.5CVSS7AI score0.0411EPSS

CVE•added 2018/04/04 2:29 a.m.•128 views

CVE-2018-9252

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.

6.5CVSS6.5AI score0.00489EPSS

CVE•added 2014/12/08 4:59 p.m.•124 views

CVE-2014-9029

Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.

7.5CVSS6AI score0.32606EPSS

CVE•added 2017/07/25 6:29 p.m.•123 views

CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5CVSS5.8AI score0.00276EPSS

CVE•added 2017/03/01 3:59 p.m.•121 views

CVE-2017-5499

Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.

5.5CVSS5.9AI score0.00454EPSS

CVE•added 2021/02/23 6:15 p.m.•120 views

CVE-2021-26926

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.

7.1CVSS6.4AI score0.00102EPSS

CVE•added 2017/08/02 7:29 p.m.•112 views

CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5CVSS5.8AI score0.00237EPSS

CVE•added 2017/03/28 2:59 p.m.•110 views

CVE-2016-8884

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.

5.5CVSS6.2AI score0.00403EPSS

CVE•added 2017/02/15 7:59 p.m.•106 views

CVE-2016-8690

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

5.5CVSS5.8AI score0.00403EPSS

CVE•added 2017/02/15 7:59 p.m.•100 views

CVE-2016-8691

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

5.5CVSS5.9AI score0.0047EPSS

CVE•added 2021/02/23 8:15 p.m.•100 views

CVE-2021-26927

A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.

5.5CVSS5.7AI score0.00073EPSS

CVE•added 2018/03/09 8:29 p.m.•99 views

CVE-2016-9591

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

5.5CVSS6.1AI score0.00479EPSS

CVE•added 2016/02/08 7:59 p.m.•98 views

CVE-2016-2089

The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.

6.5CVSS6.4AI score0.00766EPSS

CVE•added 2018/08/01 4:29 p.m.•98 views

CVE-2016-8654

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

7.8CVSS7.8AI score0.00234EPSS

CVE•added 2017/03/15 2:59 p.m.•97 views

CVE-2016-10249

Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.

7.8CVSS7.9AI score0.00539EPSS

CVE•added 2017/02/15 7:59 p.m.•95 views

CVE-2016-9560

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

7.8CVSS7.9AI score0.00401EPSS

CVE•added 2017/02/15 7:59 p.m.•94 views

CVE-2016-8692

5.5CVSS5.9AI score0.0047EPSS

CVE•added 2018/12/30 5:29 a.m.•91 views

CVE-2018-20584

JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.

6.5CVSS6.5AI score0.00445EPSS

CVE•added 2014/12/24 6:59 p.m.•89 views

CVE-2014-8137

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

6.8CVSS6.3AI score0.31457EPSS

CVE•added 2015/01/26 3:59 p.m.•89 views

CVE-2014-8157

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

7.5CVSS6.4AI score0.05895EPSS

CVE•added 2017/02/15 7:59 p.m.•87 views

CVE-2016-8693

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

7.8CVSS8.1AI score0.00832EPSS

CVE•added 2014/12/24 6:59 p.m.•86 views

CVE-2014-8138

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

7.5CVSS6.5AI score0.05895EPSS

CVE•added 2015/01/26 3:59 p.m.•86 views

CVE-2014-8158

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

6.8CVSS6.3AI score0.05895EPSS

CVE•added 2017/01/13 4:59 p.m.•86 views

CVE-2016-8882

The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

5.5CVSS5.7AI score0.00252EPSS

CVE•added 2017/03/23 6:59 p.m.•86 views

CVE-2016-8885

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.

5.5CVSS6AI score0.00336EPSS

CVE•added 2017/08/29 6:29 a.m.•86 views

CVE-2017-13748

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.

7.5CVSS7.1AI score0.02646EPSS

Total number of security vulnerabilities99