Jasper Project Jasper vulnerabilities
101 known vulnerabilities affecting jasper_project/jasper.
Total CVEs: 101
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 42, MEDIUM 56, LOW 1
Vulnerabilities
CVE-2014-8138 | P3 | HIGH | CVSS 7.5 | CWE-119 | v1.900.1 | 2014-12-24
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
nvd, osv
CVE-2014-9029 | P3 | HIGH | CVSS 7.5 | CWE-189 | ≤ 1.900.1 | 2014-12-08
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
nvd, osv
CVE-2014-8157 | P3 | HIGH | CVSS 7.5 | CWE-189 | ≤ 1.900.1 | 2015-01-26
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
nvd, osv
CVE-2018-19541 | P3 | HIGH | CVSS 8.8 | CWE-125 | v2.0.14 | 2018-11-26
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0
nvd
CVE-2018-19540 | P3 | HIGH | CVSS 8.8 | CWE-787 | v2.0.14 | 2018-11-26
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0
nvd
CVE-2014-8158 | P3 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 1.900.1 | 2015-01-26
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
nvd, osv
CVE-2011-4516 | P3 | MEDIUM | CVSS 6.8 | CWE-787 | v1.900.1 | 2011-12-15
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
nvd
CVE-2011-4517 | P3 | MEDIUM | CVSS 6.8 | CWE-787 | v1.900.1 | 2011-12-15
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a
nvd
CVE-2025-8837 | P3 | HIGH | CVSS 7.8 | CWE-119 | ≤ 4.2.5, v4.2.0 +5 more | 2025-08-11
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353
nvd
CVE-2014-8137 | P3 | MEDIUM | CVSS 6.8 | ≤ 1.900.1 | 2014-12-24
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
nvd, osv
CVE-2015-8751 | P3 | HIGH | CVSS 8.8 | CWE-190 | fixed in 1.900.4 | 2020-02-17
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.
nvd
CVE-2016-9560 | P3 | HIGH | CVSS 7.8 | CWE-787 | fixed in 1.900.30 | 2017-02-15
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
nvd, osv
CVE-2020-27828 | P3 | HIGH | CVSS 7.8 | CWE-20 | fixed in 2.0.23 | vprior to 2.0.23 | 2020-12-11
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
nvd, osv
CVE-2017-13748 | P3 | HIGH | CVSS 7.5 | CWE-772 | v2.0.12 | 2017-08-29
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.
nvd
CVE-2017-13745 | P3 | HIGH | CVSS 7.5 | CWE-617 | v2.0.12 | 2017-08-29
There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.
nvd
CVE-2017-6852 | P3 | HIGH | CVSS 7.8 | CWE-119 | ≤ 2.0.9 | 2017-03-15
Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.
nvd
CVE-2023-51257 | P3 | HIGH | CVSS 7.8 | CWE-119 | ≤ 4.1.1 | 2024-01-16
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
nvd
CVE-2016-9396 | P3 | HIGH | CVSS 7.5 | ≤ 1.900.11 | 2017-03-23
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.
nvd, osv
CVE-2008-3522 | P3 | CRITICAL | CVSS 10.0 | CWE-119 | v1.900.1 | 2008-10-02
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
nvd
CVE-2017-13746 | P3 | HIGH | CVSS 7.5 | CWE-617 | v2.0.12 | 2017-08-29
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.
nvd