Jasper Security Vulnerabilities and Issues — Jasper CVE List

Lucene search

Jasper ProjectJasper

14 matches found

CVE•added 2018/11/26 3:29 a.m.•226 views

CVE-2018-19542

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

6.5CVSS6.5AI score0.01029EPSS

CVE•added 2011/12/15 3:57 a.m.•175 views

CVE-2011-4516

Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 fi...

6.8CVSS5.4AI score0.47823EPSS

CVE•added 2017/09/04 8:29 p.m.•171 views

CVE-2017-14132

JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7...

6.5CVSS6.4AI score0.01036EPSS

CVE•added 2018/12/28 4:29 p.m.•170 views

CVE-2018-20570

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

6.5CVSS6.8AI score0.01024EPSS

CVE•added 2018/11/26 3:29 a.m.•169 views

CVE-2018-19539

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

6.5CVSS6.5AI score0.01026EPSS

CVE•added 2018/12/31 7:29 p.m.•169 views

CVE-2018-20622

JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.

6.5CVSS6.6AI score0.01503EPSS

CVE•added 2011/12/15 3:57 a.m.•152 views

CVE-2011-4517

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a cra...

6.8CVSS5AI score0.4213EPSS

CVE•added 2018/04/04 2:29 a.m.•128 views

CVE-2018-9252

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.

6.5CVSS6.5AI score0.00489EPSS

CVE•added 2016/02/08 7:59 p.m.•98 views

CVE-2016-2089

The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.

6.5CVSS6.4AI score0.00766EPSS

CVE•added 2018/12/30 5:29 a.m.•91 views

CVE-2018-20584

JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.

6.5CVSS6.5AI score0.00445EPSS

CVE•added 2014/12/24 6:59 p.m.•89 views

CVE-2014-8137

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

6.8CVSS6.3AI score0.31457EPSS

CVE•added 2015/01/26 3:59 p.m.•86 views

CVE-2014-8158

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

6.8CVSS6.3AI score0.05895EPSS

CVE•added 2016/01/20 4:59 p.m.•84 views

CVE-2016-1867

The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

6.5CVSS6.3AI score0.00462EPSS

CVE•added 2018/03/12 3:29 p.m.•78 views

CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

6.5CVSS6.5AI score0.00295EPSS