
Jasper Project Jasper vulnerabilities

101 known vulnerabilities affecting jasper_project/jasper.

Total CVEs: 101
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 42, MEDIUM 56, LOW 1

Vulnerabilities

Page 3 of 6
CVE-2016-9387 | P3 | HIGH | CVSS 7.8 | ≤ 1.900.12 | 2017-03-23
CVE-2016-9387 [HIGH] CWE-190: Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
nvd, osv
CVE-2016-9397 | P4 | HIGH | CVSS 7.5 | v1.900.13 | 2017-03-23
CVE-2016-9397 [HIGH] CWE-617: The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
nvd
CVE-2016-10251 | P4 | HIGH | CVSS 7.8 | ≤ 1.900.19 | 2017-03-15
CVE-2016-10251 [HIGH] CWE-190: Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
nvd, osv
CVE-2008-3520 | P4 | CRITICAL | CVSS 9.3 | v1.900.1 | 2008-10-02
CVE-2008-3520 [CRITICAL] CWE-189: Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
nvd
CVE-2022-2963 | P4 | HIGH | CVSS 7.5 | v3.0.6 | vjasper 3.0.6 | 2022-10-14
CVE-2022-2963 [HIGH] CWE-401: A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.
nvd
CVE-2018-19543 | P4 | HIGH | CVSS 7.8 | v2.0.14 | 2018-11-26
CVE-2018-19543 [HIGH] CWE-125: An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
nvd
CVE-2017-14132 | P4 | MEDIUM | CVSS 6.5 | v2.0.13 | 2017-09-04
CVE-2017-14132 [MEDIUM] CWE-125: JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.
nvd
CVE-2018-20570 | P4 | MEDIUM | CVSS 6.5 | v2.0.14 | 2018-12-28
CVE-2018-20570 [MEDIUM] CWE-125: jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
nvd
CVE-2018-19539 | P4 | MEDIUM | CVSS 6.5 | v2.0.14 | 2018-11-26
CVE-2018-19539 [MEDIUM] CWE-617: An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
nvd
CVE-2016-9600 | P4 | MEDIUM | CVSS 6.5 | fixed in 2.0.10 | 2018-03-12
CVE-2016-9600 [MEDIUM] CWE-476: JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
nvd, osv
CVE-2021-26926 | P4 | HIGH | CVSS 7.1 | fixed in 2.0.25 | vjasper 2.0.25 | 2021-02-23
CVE-2021-26926 [HIGH] CWE-125: A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function which may lead to disclosure of information or program crash.
nvd
CVE-2018-19542 | P4 | MEDIUM | CVSS 6.5 | v2.0.14 | 2018-11-26
CVE-2018-19542 [MEDIUM] CWE-476: An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
nvd, osv
CVE-2018-20622 | P4 | MEDIUM | CVSS 6.5 | v2.0.14 | 2018-12-31
CVE-2018-20622 [MEDIUM] CWE-772: JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
nvd
CVE-2018-20584 | P4 | MEDIUM | CVSS 6.5 | v2.0.14 | 2018-12-30
CVE-2018-20584 [MEDIUM]: JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
nvd
CVE-2018-9252 | P4 | MEDIUM | CVSS 6.5 | v2.0.14 | 2018-04-04
CVE-2018-9252 [MEDIUM] CWE-617: JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
nvd
CVE-2016-1867 | P4 | MEDIUM | CVSS 6.5 | v1.900.1 | 2016-01-20
CVE-2016-1867 [MEDIUM] CWE-119: The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
nvd, osv
CVE-2025-8835 | P4 | MEDIUM | CVSS 5.5 | ≤ 4.2.5 | v4.2.0 +5 more | 2025-08-11
CVE-2025-8835 [MEDIUM] CWE-404: A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to
nvd
CVE-2016-2089 | P4 | MEDIUM | CVSS 6.5 | v1.900.1 | 2016-02-08
CVE-2016-2089 [MEDIUM] CWE-20: The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
nvd, osv
CVE-2008-3521 | P4 | HIGH | CVSS 7.2 | v1.900.1 | 2008-10-02
CVE-2008-3521 [HIGH] CWE-59: Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute
nvd
CVE-2016-2116 | P4 | MEDIUM | CVSS 5.7 | ≤ 1.900.1 | 2016-04-13
CVE-2016-2116 [MEDIUM] CWE-399: Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
nvd, osv