Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jasper
(Jasper_project)Repositories | https://github.com/mdadams/jasper |
#Vulnerabilities | 100 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-03-23 | CVE-2016-9389 | The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). | Jasper | 7.5 | ||
2017-03-23 | CVE-2016-9388 | The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. | Jasper | 5.5 | ||
2017-03-23 | CVE-2016-9387 | Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure. | Jasper | 7.8 | ||
2017-03-23 | CVE-2016-9262 | Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. | Jasper | 5.5 | ||
2017-01-13 | CVE-2016-8883 | The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | Jasper | 5.5 | ||
2017-01-13 | CVE-2016-8882 | The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | Jasper | 5.5 | ||
2016-04-13 | CVE-2016-2116 | Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file. | Ubuntu_linux, Jasper | 5.7 | ||
2016-02-08 | CVE-2016-2089 | The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. | Jasper | 6.5 | ||
2016-01-20 | CVE-2016-1867 | The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. | Jasper | 6.5 | ||
2016-04-13 | CVE-2016-1577 | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137. | Ubuntu_linux, Jasper | 7.6 |