Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jasper
(Jasper_project)Repositories | https://github.com/mdadams/jasper |
#Vulnerabilities | 100 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-03-23 | CVE-2016-9262 | Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. | Jasper | 5.5 | ||
2017-01-13 | CVE-2016-8883 | The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | Jasper | 5.5 | ||
2017-01-13 | CVE-2016-8882 | The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | Jasper | 5.5 | ||
2016-04-13 | CVE-2016-2116 | Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file. | Ubuntu_linux, Jasper | 5.7 | ||
2016-02-08 | CVE-2016-2089 | The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. | Jasper | 6.5 | ||
2016-01-20 | CVE-2016-1867 | The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. | Jasper | 6.5 | ||
2016-04-13 | CVE-2016-1577 | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137. | Ubuntu_linux, Jasper | 7.6 | ||
2017-03-15 | CVE-2016-10251 | Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value. | Jasper | 7.8 | ||
2017-03-15 | CVE-2016-10250 | The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887. | Jasper | 7.5 | ||
2017-03-15 | CVE-2016-10249 | Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow. | Jasper | 7.8 |