Jasper Project Jasper vulnerabilities
101 known vulnerabilities affecting jasper_project/jasper.
Total CVEs: 101
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 42, MEDIUM 56, LOW 1
Vulnerabilities
Page 4 of 6
CVE-2016-8690 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | ≤ 1.900.29 | 2017-02-15
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
nvd, osv
CVE-2016-8885 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | ≤ 1.900.8 | 2017-03-23
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
nvd, osv
CVE-2016-9262 | P4 | MEDIUM | CVSS 5.5 | CWE-190 | ≤ 1.900.21 | 2017-03-23
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
nvd
CVE-2016-8887 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | ≤ 1.900.9 | 2017-03-23
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
nvd, osv
CVE-2015-5203 | P4 | MEDIUM | CVSS 5.5 | CWE-415 | v1.900.17 | 2017-08-02
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
nvd, osv
CVE-2017-6850 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | ≤ 2.0.12 | 2017-03-15
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
nvd, osv
CVE-2016-8884 | P4 | MEDIUM | CVSS 5.5 | v1.900.5 | 2017-03-28
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
nvd, osv
CVE-2015-5221 | P4 | MEDIUM | CVSS 5.5 | CWE-416 | ≤ 1.900.1 | 2017-07-25
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
nvd, osv
CVE-2017-5505 | P4 | MEDIUM | CVSS 5.5 | CWE-119 | v1.900.27 | 2017-03-16
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
nvd
CVE-2016-9390 | P4 | MEDIUM | CVSS 5.5 | CWE-20 | ≤ 1.900.13 | 2017-03-23
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
nvd, osv
CVE-2016-9388 | P4 | MEDIUM | CVSS 5.5 | CWE-617 | fixed in 1.900.14 | 2017-03-23
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
nvd, osv
CVE-2017-5503 | P4 | MEDIUM | CVSS 5.5 | CWE-787 | v1.900.27 | 2017-03-01
The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.
nvd
CVE-2017-6851 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≤ 2.0.9 | 2017-03-15
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
nvd
CVE-2016-9394 | P4 | MEDIUM | CVSS 5.5 | CWE-20 | ≤ 1.900.16 | 2017-03-23
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
nvd, osv
CVE-2016-9392 | P4 | MEDIUM | CVSS 5.5 | ≤ 1.900.16 | 2017-03-23
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
nvd, osv
CVE-2016-9393 | P4 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-23
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
nvd, osv
CVE-2018-9055 | P4 | MEDIUM | CVSS 5.5 | CWE-617 | v2.0.14 | 2018-03-27
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.
nvd
CVE-2017-5504 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | v1.900.17 | 2017-03-01
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
nvd
CVE-2016-8882 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | ≤ 1.900.7 | 2017-01-13
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
nvd, osv
CVE-2016-9591 | P4 | MEDIUM | CVSS 5.5 | CWE-416 | fixed in 2.0.12, v2.0.12 | 2018-03-09
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
nvd, osv