Vulnerabilities (CVE)

Filtered by vendor Jasper Project Subscribe
Filtered by product Jasper
Total 98 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1577 2 Canonical, Jasper Project 2 Ubuntu Linux, Jasper 2024-11-21 6.8 MEDIUM 7.6 HIGH
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.
CVE-2016-10251 1 Jasper Project 1 Jasper 2024-11-21 6.8 MEDIUM 7.8 HIGH
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
CVE-2016-10250 1 Jasper Project 1 Jasper 2024-11-21 5.0 MEDIUM 7.5 HIGH
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
CVE-2016-10249 1 Jasper Project 1 Jasper 2024-11-21 6.8 MEDIUM 7.8 HIGH
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
CVE-2016-10248 1 Jasper Project 1 Jasper 2024-11-21 5.0 MEDIUM 7.5 HIGH
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
CVE-2015-8751 1 Jasper Project 1 Jasper 2024-11-21 6.8 MEDIUM 8.8 HIGH
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.
CVE-2015-5221 4 Fedoraproject, Jasper Project, Opensuse and 1 more 5 Fedora, Jasper, Leap and 2 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2015-5203 4 Fedoraproject, Jasper Project, Opensuse and 1 more 5 Fedora, Jasper, Leap and 2 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2014-9029 1 Jasper Project 1 Jasper 2024-11-21 7.5 HIGH N/A
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
CVE-2014-8158 4 Debian, Jasper Project, Opensuse and 1 more 4 Debian Linux, Jasper, Opensuse and 1 more 2024-11-21 6.8 MEDIUM N/A
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
CVE-2014-8157 4 Debian, Jasper Project, Opensuse and 1 more 4 Debian Linux, Jasper, Opensuse and 1 more 2024-11-21 7.5 HIGH N/A
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
CVE-2014-8138 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2024-11-21 7.5 HIGH N/A
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
CVE-2014-8137 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2024-11-21 6.8 MEDIUM N/A
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2011-4517 7 Canonical, Debian, Fedoraproject and 4 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 6.8 MEDIUM N/A
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
CVE-2011-4516 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 6.8 MEDIUM N/A
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
CVE-2008-3522 2 Jasper Project, Redhat 2 Jasper, Enterprise Virtualization 2024-11-21 10.0 HIGH N/A
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
CVE-2008-3521 1 Jasper Project 1 Jasper 2024-11-21 7.2 HIGH N/A
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.
CVE-2008-3520 1 Jasper Project 1 Jasper 2024-11-21 9.3 HIGH N/A
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.