Vulnerabilities (CVE)

Filtered by vendor Jasper Project Subscribe
Total 98 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9262 1 Jasper Project 1 Jasper 2018-06-29 4.3 MEDIUM 5.5 MEDIUM
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
CVE-2016-8883 1 Jasper Project 1 Jasper 2018-06-29 4.3 MEDIUM 5.5 MEDIUM
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-10250 1 Jasper Project 1 Jasper 2018-06-29 5.0 MEDIUM 7.5 HIGH
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
CVE-2016-10248 1 Jasper Project 1 Jasper 2018-06-29 5.0 MEDIUM 7.5 HIGH
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
CVE-2016-2116 2 Canonical, Jasper Project 2 Ubuntu Linux, Jasper 2018-01-05 4.3 MEDIUM 5.7 MEDIUM
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2016-2089 1 Jasper Project 1 Jasper 2018-01-05 4.3 MEDIUM 6.5 MEDIUM
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
CVE-2016-1867 1 Jasper Project 1 Jasper 2018-01-05 4.3 MEDIUM 6.5 MEDIUM
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
CVE-2016-1577 2 Canonical, Jasper Project 2 Ubuntu Linux, Jasper 2018-01-05 6.8 MEDIUM 7.6 HIGH
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.
CVE-2016-10251 1 Jasper Project 1 Jasper 2018-01-05 6.8 MEDIUM 7.8 HIGH
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
CVE-2016-10249 1 Jasper Project 1 Jasper 2018-01-05 6.8 MEDIUM 7.8 HIGH
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
CVE-2014-8138 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2018-01-05 7.5 HIGH N/A
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
CVE-2014-8137 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2018-01-05 6.8 MEDIUM N/A
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2016-8882 1 Jasper Project 1 Jasper 2017-11-04 4.3 MEDIUM 5.5 MEDIUM
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2008-3520 1 Jasper Project 1 Jasper 2017-09-29 9.3 HIGH N/A
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
CVE-2008-3522 2 Jasper Project, Redhat 2 Jasper, Enterprise Virtualization 2017-08-08 10.0 HIGH N/A
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
CVE-2016-9557 1 Jasper Project 1 Jasper 2017-03-27 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-9395 1 Jasper Project 1 Jasper 2017-03-27 4.3 MEDIUM 5.5 MEDIUM
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2017-5501 1 Jasper Project 1 Jasper 2017-03-03 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.