Jasper Project Jasper vulnerabilities

101 known vulnerabilities affecting jasper_project/jasper.

Total CVEs: 101
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 41, MEDIUM 58

Vulnerabilities

Page 4 of 6
CVE-2016-9262 | MEDIUM | CVSS 5.5 | ≤ 1.900.21 | 2017-03-23
CWE-190: Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
nvd
CVE-2016-8887 | MEDIUM | CVSS 5.5 | ≤ 1.900.9 | 2017-03-23
CWE-476: The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
nvd
CVE-2016-9388 | MEDIUM | CVSS 5.5 | fixed in 1.900.14 | 2017-03-23
CWE-617: The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
nvd
CVE-2016-9392 | MEDIUM | CVSS 5.5 | ≤ 1.900.16 | 2017-03-23
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
nvd
CVE-2016-9395 | MEDIUM | CVSS 5.5 | ≤ 1.900.24 | 2017-03-23
CWE-20: The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
nvd
CVE-2017-5505 | MEDIUM | CVSS 5.5 | v1.900.27 | 2017-03-16
CWE-119: The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
nvd
CVE-2017-6852 | HIGH | CVSS 7.8 | ≤ 2.0.9 | 2017-03-15
CWE-119: Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.
nvd
CVE-2016-10249 | HIGH | CVSS 7.8 | ≤ 1.900.11 | 2017-03-15
CWE-190: Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
nvd
CVE-2016-10251 | HIGH | CVSS 7.8 | ≤ 1.900.19 | 2017-03-15
CWE-190: Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
nvd
CVE-2016-10250 | HIGH | CVSS 7.5 | ≤ 1.900.12 | 2017-03-15
CWE-476: The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
nvd
CVE-2016-10248 | HIGH | CVSS 7.5 | ≤ 1.900.8 | 2017-03-15
CWE-476: The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
nvd
CVE-2017-6851 | MEDIUM | CVSS 5.5 | ≤ 2.0.9 | 2017-03-15
CWE-125: The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
nvd
CVE-2017-6850 | MEDIUM | CVSS 5.5 | ≤ 2.0.12 | 2017-03-15
CWE-476: The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
nvd
CVE-2017-5502 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-01
libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
nvd
CVE-2017-5501 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-01
CWE-190: Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
nvd
CVE-2017-5498 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-01
libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
nvd
CVE-2017-5500 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-01
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
nvd
CVE-2017-5504 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-01
CWE-125: The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
nvd
CVE-2017-5499 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-01
CWE-190: Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
nvd
CVE-2017-5503 | MEDIUM | CVSS 5.5 | v1.900.27 | 2017-03-01
CWE-787: The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.
nvd