Jasper Project Jasper vulnerabilities

101 known vulnerabilities affecting jasper_project/jasper.

Total CVEs: 101
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 41, MEDIUM 58

Vulnerabilities

Page 3 of 6
CVE-2017-13749 | HIGH | CVSS 7.5 | CWE-617 | v2.0.12 | 2017-08-29
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
nvd
CVE-2017-13746 | HIGH | CVSS 7.5 | CWE-617 | v2.0.12 | 2017-08-29
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.
nvd
CVE-2015-5203 | MEDIUM | CVSS 5.5 | CWE-415 | v1.900.17 | 2017-08-02
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
nvd
CVE-2015-5221 | MEDIUM | CVSS 5.5 | CWE-416 | ≤ 1.900.1 | 2017-07-25
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
nvd
CVE-2017-1000050 | HIGH | CVSS 7.5 | CWE-476 | v2.0.12 | 2017-07-17
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
nvd
CVE-2017-9782 | MEDIUM | CVSS 5.5 | CWE-125 | v2.0.12 | 2017-06-21
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.
nvd
CVE-2016-8884 | MEDIUM | CVSS 5.5 | v1.900.5 | 2017-03-28
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
nvd
CVE-2016-9387 | HIGH | CVSS 7.8 | CWE-190 | ≤ 1.900.12 | 2017-03-23
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
nvd
CVE-2016-9389 | HIGH | CVSS 7.5 | ≤ 1.900.13 | 2017-03-23
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
nvd
CVE-2016-9397 | HIGH | CVSS 7.5 | CWE-617 | v1.900.13 | 2017-03-23
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
nvd
CVE-2016-8886 | HIGH | CVSS 7.8 | CWE-119 | ≤ 1.900.10 | 2017-03-23
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.
nvd
CVE-2016-9391 | HIGH | CVSS 7.5 | ≤ 2.0.6 | 2017-03-23
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
nvd
CVE-2016-9399 | HIGH | CVSS 7.5 | CWE-617 | v1.900.22 | 2017-03-23
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
nvd
CVE-2016-9398 | HIGH | CVSS 7.5 | CWE-617 | fixed in 1.900.17 | 2017-03-23
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
nvd
CVE-2016-9396 | HIGH | CVSS 7.5 | ≤ 1.900.11 | 2017-03-23
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.
nvd
CVE-2016-9394 | MEDIUM | CVSS 5.5 | CWE-20 | ≤ 1.900.16 | 2017-03-23
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
nvd
CVE-2016-9557 | MEDIUM | CVSS 5.5 | CWE-190 | ≤ 1.900.24 | 2017-03-23
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
nvd
CVE-2016-8885 | MEDIUM | CVSS 5.5 | CWE-476 | ≤ 1.900.8 | 2017-03-23
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
nvd
CVE-2016-9393 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-23
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
nvd
CVE-2016-9390 | MEDIUM | CVSS 5.5 | CWE-20 | ≤ 1.900.13 | 2017-03-23
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
nvd