Vulnerabilities (CVE)

Filtered by vendor Jasper Project Subscribe
Filtered by product Jasper
Total 98 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9591 3 Debian, Jasper Project, Redhat 6 Debian Linux, Jasper, Enterprise Linux Desktop and 3 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
CVE-2018-9252 1 Jasper Project 1 Jasper 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
CVE-2018-9154 1 Jasper Project 1 Jasper 2024-02-28 5.0 MEDIUM 7.5 HIGH
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
CVE-2016-9600 3 Canonical, Jasper Project, Redhat 8 Ubuntu Linux, Jasper, Enterprise Linux Desktop and 5 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
CVE-2015-5221 4 Fedoraproject, Jasper Project, Opensuse and 1 more 5 Fedora, Jasper, Leap and 2 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2017-13752 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2024-02-28 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-9782 1 Jasper Project 1 Jasper 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.
CVE-2017-13750 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2024-02-28 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-14229 1 Jasper Project 1 Jasper 2024-02-28 5.0 MEDIUM 7.5 HIGH
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.
CVE-2017-13746 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2024-02-28 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13751 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2024-02-28 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2015-5203 4 Fedoraproject, Jasper Project, Opensuse and 1 more 5 Fedora, Jasper, Leap and 2 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2017-13749 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2024-02-28 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13745 1 Jasper Project 1 Jasper 2024-02-28 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.
CVE-2017-14132 2 Debian, Jasper Project 2 Debian Linux, Jasper 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.
CVE-2017-13747 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2024-02-28 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13748 3 Debian, Fedoraproject, Jasper Project 3 Debian Linux, Fedora, Jasper 2024-02-28 5.0 MEDIUM 7.5 HIGH
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.
CVE-2017-1000050 4 Canonical, Fedoraproject, Jasper Project and 1 more 6 Ubuntu Linux, Fedora, Jasper and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
CVE-2016-9394 1 Jasper Project 1 Jasper 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-8692 3 Debian, Fedoraproject, Jasper Project 3 Debian Linux, Fedora, Jasper 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.