Jasper Project Jasper vulnerabilities
101 known vulnerabilities affecting jasper_project/jasper.
Total CVEs: 101
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 42, MEDIUM 56, LOW 1
Vulnerabilities
CVE-2016-10249 | P3 | HIGH | CVSS 7.8 | CWE-190 | ≤ 1.900.11 | 2017-03-15
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
nvd, osv
CVE-2016-8886 | P3 | HIGH | CVSS 7.8 | CWE-119 | ≤ 1.900.10 | 2017-03-23
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.
nvd
CVE-2016-9398 | P3 | HIGH | CVSS 7.5 | CWE-617 | fixed in 1.900.17 | 2017-03-23
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
nvd
CVE-2016-9389 | P3 | HIGH | CVSS 7.5 | ≤ 1.900.13 | 2017-03-23
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
nvd, osv
CVE-2016-8693 | P3 | HIGH | CVSS 7.8 | CWE-415 | ≤ 1.900.5 | 2017-02-15
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
nvd, osv
CVE-2016-10250 | P3 | HIGH | CVSS 7.5 | CWE-476 | ≤ 1.900.12 | 2017-03-15
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
nvd, osv
CVE-2017-13750 | P3 | HIGH | CVSS 7.5 | CWE-617 | v2.0.12 | 2017-08-29
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.
nvd
CVE-2017-13751 | P3 | HIGH | CVSS 7.5 | CWE-617 | v2.0.12 | 2017-08-29
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
nvd
CVE-2017-13752 | P3 | HIGH | CVSS 7.5 | CWE-617 | v2.0.12 | 2017-08-29
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
nvd
CVE-2017-13747 | P3 | HIGH | CVSS 7.5 | CWE-617 | v2.0.12 | 2017-08-29
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
nvd
CVE-2017-13749 | P3 | HIGH | CVSS 7.5 | CWE-617 | v2.0.12 | 2017-08-29
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
nvd
CVE-2016-1577 | P3 | HIGH | CVSS 7.6 | ≤ 1.900.1 | 2016-04-13
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.
nvd, osv
CVE-2018-9154 | P3 | HIGH | CVSS 7.5 | v2.0.14 | 2018-05-04
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
nvd
CVE-2016-9583 | P3 | HIGH | CVSS 7.8 | CWE-125 | fixed in 2.0.6 | 2018-08-01
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
nvd, osv
CVE-2016-8654 | P3 | HIGH | CVSS 7.8 | CWE-122 | fixed in 2.0.0 | 2018-08-01
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
nvd, osv
CVE-2016-9391 | P3 | HIGH | CVSS 7.5 | ≤ 2.0.6 | 2017-03-23
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
nvd, osv
CVE-2016-10248 | P3 | HIGH | CVSS 7.5 | CWE-476 | ≤ 1.900.8 | 2017-03-15
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
nvd, osv
CVE-2016-9399 | P3 | HIGH | CVSS 7.5 | CWE-617 | v1.900.22 | 2017-03-23
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
nvd
CVE-2017-1000050 | P3 | HIGH | CVSS 7.5 | CWE-476 | v2.0.12 | 2017-07-17
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
nvd, osv
CVE-2017-14229 | P3 | HIGH | CVSS 7.5 | CWE-835 | v2.0.13 | 2017-09-09
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.
nvd