Filtered by vendor Jasper Project
Subscribe
Total
97 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8654 | 3 Debian, Jasper Project, Redhat | 7 Debian Linux, Jasper, Enterprise Linux Desktop and 4 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. | |||||
CVE-2018-20622 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. | |||||
CVE-2018-19540 | 3 Debian, Jasper Project, Suse | 4 Debian Linux, Jasper, Linux Enterprise Desktop and 1 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. | |||||
CVE-2018-19541 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c. | |||||
CVE-2018-19542 | 5 Canonical, Debian, Jasper Project and 2 more | 6 Ubuntu Linux, Debian Linux, Jasper and 3 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. | |||||
CVE-2018-20584 | 3 Debian, Jasper Project, Oracle | 3 Debian Linux, Jasper, Outside In Technology | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | |||||
CVE-2018-19139 | 3 Debian, Jasper Project, Redhat | 3 Debian Linux, Jasper, Fedora | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | |||||
CVE-2018-19539 | 4 Debian, Jasper Project, Opensuse and 1 more | 5 Debian Linux, Jasper, Leap and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. | |||||
CVE-2018-20570 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | |||||
CVE-2018-9055 | 1 Jasper Project | 1 Jasper | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. | |||||
CVE-2018-9252 | 1 Jasper Project | 1 Jasper | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. | |||||
CVE-2016-9600 | 3 Canonical, Jasper Project, Redhat | 8 Ubuntu Linux, Jasper, Enterprise Linux Desktop and 5 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. | |||||
CVE-2016-9591 | 3 Debian, Jasper Project, Redhat | 6 Debian Linux, Jasper, Enterprise Linux Desktop and 3 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. | |||||
CVE-2018-9154 | 1 Jasper Project | 1 Jasper | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. | |||||
CVE-2017-13750 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-14132 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. | |||||
CVE-2017-13748 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | |||||
CVE-2017-13745 | 1 Jasper Project | 1 Jasper | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. | |||||
CVE-2017-13749 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-13747 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |