Jasper Project / Jasper

55 matches found

added 2017/06/21 8:29 p.m., 184 views

CVE-2017-9782

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.

5.5 CVSS, 5.9 AI score, 0.00442 EPSS

added 2017/09/04 8:29 p.m., 171 views

CVE-2017-14132

JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7...

6.5 CVSS, 6.4 AI score, 0.01036 EPSS

added 2017/03/23 6:59 p.m., 164 views

CVE-2016-9396

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.

7.5 CVSS, 7.1 AI score, 0.04636 EPSS

added 2017/03/16 3:59 p.m., 142 views

CVE-2017-5505

The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

5.5 CVSS, 5.8 AI score, 0.00404 EPSS

added 2017/03/15 2:59 p.m., 140 views

CVE-2016-10251

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.

7.8 CVSS, 7.8 AI score, 0.00815 EPSS

added 2017/07/17 1:18 p.m., 140 views

CVE-2017-1000050

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

7.5 CVSS, 7.2 AI score, 0.01605 EPSS

added 2017/03/23 6:59 p.m., 137 views

CVE-2016-9399

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

7.5 CVSS, 7 AI score, 0.02137 EPSS

added 2017/03/01 3:59 p.m., 135 views

CVE-2017-5504

The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

5.5 CVSS, 5.8 AI score, 0.00462 EPSS

added 2017/03/01 3:59 p.m., 134 views

CVE-2017-5503

The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.

5.5 CVSS, 6.7 AI score, 0.00444 EPSS

added 2017/03/23 6:59 p.m., 132 views

CVE-2016-9398

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

7.5 CVSS, 7 AI score, 0.0411 EPSS

added 2017/07/25 6:29 p.m., 123 views

CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5 CVSS, 5.8 AI score, 0.00276 EPSS

added 2017/03/01 3:59 p.m., 121 views

CVE-2017-5499

Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.

5.5 CVSS, 5.9 AI score, 0.00454 EPSS

added 2017/08/02 7:29 p.m., 112 views

CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5 CVSS, 5.8 AI score, 0.00237 EPSS

added 2017/03/28 2:59 p.m., 110 views

CVE-2016-8884

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.

5.5 CVSS, 6.2 AI score, 0.00403 EPSS

added 2017/02/15 7:59 p.m., 106 views

CVE-2016-8690

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

5.5 CVSS, 5.8 AI score, 0.00403 EPSS

added 2017/02/15 7:59 p.m., 100 views

CVE-2016-8691

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

5.5 CVSS, 5.9 AI score, 0.0047 EPSS

added 2017/03/15 2:59 p.m., 97 views

CVE-2016-10249

Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.

7.8 CVSS, 7.9 AI score, 0.00539 EPSS

added 2017/02/15 7:59 p.m., 95 views

CVE-2016-9560

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

7.8 CVSS, 7.9 AI score, 0.00401 EPSS

added 2017/02/15 7:59 p.m., 94 views

CVE-2016-8692

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.

5.5 CVSS, 5.9 AI score, 0.0047 EPSS

added 2017/02/15 7:59 p.m., 87 views

CVE-2016-8693

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

7.8 CVSS, 8.1 AI score, 0.00832 EPSS

added 2017/01/13 4:59 p.m., 86 views

CVE-2016-8882

The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

5.5 CVSS, 5.7 AI score, 0.00252 EPSS

added 2017/03/23 6:59 p.m., 86 views

CVE-2016-8885

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.

5.5 CVSS, 6 AI score, 0.00336 EPSS

added 2017/08/29 6:29 a.m., 86 views

CVE-2017-13748

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.

7.5 CVSS, 7.1 AI score, 0.02646 EPSS

added 2017/03/23 6:59 p.m., 82 views

CVE-2016-9393

The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

5.5 CVSS, 5.8 AI score, 0.00475 EPSS

added 2017/03/23 6:59 p.m., 81 views

CVE-2016-9388

The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

5.5 CVSS, 5.8 AI score, 0.00263 EPSS

added 2017/03/15 2:59 p.m., 80 views

CVE-2016-10248

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

7.5 CVSS, 7 AI score, 0.0066 EPSS

added 2017/01/13 4:59 p.m., 79 views

CVE-2016-8883

The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

5.5 CVSS, 5.8 AI score, 0.00379 EPSS

added 2017/03/23 6:59 p.m., 78 views

CVE-2016-9394

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

5.5 CVSS, 5.8 AI score, 0.00461 EPSS

added 2017/03/23 6:59 p.m., 76 views

CVE-2016-9389

The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).

7.5 CVSS, 7.2 AI score, 0.01628 EPSS

added 2017/08/29 6:29 a.m., 74 views

CVE-2017-13745

There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.

7.5 CVSS, 7.2 AI score, 0.00486 EPSS

added 2017/03/23 6:59 p.m., 73 views

CVE-2016-9387

Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.

7.8 CVSS, 7.7 AI score, 0.0033 EPSS

added 2017/03/23 6:59 p.m., 73 views

CVE-2016-9392

The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

5.5 CVSS, 5.8 AI score, 0.00466 EPSS

added 2017/03/23 6:59 p.m., 70 views

CVE-2016-9390

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

5.5 CVSS, 5.8 AI score, 0.00461 EPSS

added 2017/03/23 6:59 p.m., 69 views

CVE-2016-9262

Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.

5.5 CVSS, 6.1 AI score, 0.00433 EPSS

added 2017/03/23 6:59 p.m., 67 views

CVE-2016-9391

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

7.5 CVSS, 7.1 AI score, 0.01218 EPSS

added 2017/03/23 6:59 p.m., 66 views

CVE-2016-8887

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

5.5 CVSS, 6 AI score, 0.00219 EPSS

added 2017/03/23 6:59 p.m., 62 views

CVE-2016-8886

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

7.8 CVSS, 7.5 AI score, 0.00317 EPSS

added 2017/08/29 6:29 a.m., 58 views

CVE-2017-13749

There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

7.5 CVSS, 7.1 AI score, 0.0101 EPSS

added 2017/03/15 2:59 p.m., 57 views

CVE-2017-6850

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

5.5 CVSS, 5.8 AI score, 0.00222 EPSS

added 2017/08/29 6:29 a.m., 56 views

CVE-2017-13752

There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

7.5 CVSS, 7.1 AI score, 0.0101 EPSS

added 2017/09/09 8:29 a.m., 56 views

CVE-2017-14229

There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.

7.5 CVSS, 7.3 AI score, 0.00744 EPSS

added 2017/08/29 6:29 a.m., 54 views

CVE-2017-13751

There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

7.5 CVSS, 7.1 AI score, 0.0101 EPSS

added 2017/03/23 6:59 p.m., 53 views

CVE-2016-9395

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

5.5 CVSS, 5.7 AI score, 0.00395 EPSS

added 2017/03/15 2:59 p.m., 52 views

CVE-2016-10250

The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.

7.5 CVSS, 6 AI score, 0.0067 EPSS

added 2017/03/23 6:59 p.m., 51 views

CVE-2016-9397

The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

7.5 CVSS, 7 AI score, 0.01797 EPSS

added 2017/08/29 6:29 a.m., 51 views

CVE-2017-13747

There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

7.5 CVSS, 7.1 AI score, 0.0101 EPSS

added 2017/08/29 6:29 a.m., 51 views

CVE-2017-13750

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.

7.5 CVSS, 7.1 AI score, 0.01636 EPSS

added 2017/03/15 2:59 p.m., 51 views

CVE-2017-6852

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

7.8 CVSS, 7.6 AI score, 0.00595 EPSS

added 2017/03/23 6:59 p.m., 50 views

CVE-2016-9557

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

5.5 CVSS, 5.8 AI score, 0.00226 EPSS

added 2017/03/15 2:59 p.m., 50 views

CVE-2017-6851

The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.

5.5 CVSS, 5.7 AI score, 0.00453 EPSS

Total number of security vulnerabilities: 55