Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jasper
(Jasper_project)| Repositories | https://github.com/mdadams/jasper |
| #Vulnerabilities | 100 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-17 | CVE-2015-8751 | Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. | Jasper | 8.8 | ||
| 2008-10-02 | CVE-2008-3521 | Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion. | Jasper | N/A | ||
| 2017-02-15 | CVE-2016-8690 | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. | Fedora, Jasper | 5.5 | ||
| 2017-02-15 | CVE-2016-8691 | The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. | Debian_linux, Fedora, Jasper | 5.5 | ||
| 2017-02-15 | CVE-2016-8692 | The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. | Debian_linux, Fedora, Jasper | 5.5 | ||
| 2017-02-15 | CVE-2016-8693 | Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. | Fedora, Jasper, Opensuse | 7.8 | ||
| 2017-03-23 | CVE-2016-8885 | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. | Jasper | 5.5 | ||
| 2017-03-23 | CVE-2016-8886 | The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. | Jasper | 7.8 | ||
| 2017-03-23 | CVE-2016-8887 | The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). | Fedora, Jasper | 5.5 | ||
| 2017-03-23 | CVE-2016-9396 | The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. | Jasper | 7.5 |