Jasper Project Jasper vulnerabilities
101 known vulnerabilities affecting jasper_project/jasper.
Total CVEs: 101
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 42, MEDIUM 56, LOW 1
Vulnerabilities
Page 5 of 6
CVE-2017-5502 | P4 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-01
libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
nvd
CVE-2017-5500 | P4 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-01
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
nvd
CVE-2021-3443 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | fixed in 2.0.27 | vjasper 2.0.27 | 2021-03-25
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
nvd
CVE-2021-3467 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | fixed in 2.0.26 | vjasper 2.0.26 | 2021-03-25
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
nvd
CVE-2016-9557 | P4 | MEDIUM | CVSS 5.5 | CWE-190 | ≤ 1.900.24 | 2017-03-23
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
nvd
CVE-2017-9782 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | v2.0.12 | 2017-06-21
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.
nvd, osv
CVE-2016-8883 | P4 | MEDIUM | CVSS 5.5 | CWE-399 | ≤ 1.900.7 | 2017-01-13
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
nvd, osv
CVE-2018-18873 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | v2.0.14 | 2018-10-31
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
nvd, osv
CVE-2017-5501 | P4 | MEDIUM | CVSS 5.5 | CWE-190 | v1.900.17 | 2017-03-01
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
nvd
CVE-2017-5499 | P4 | MEDIUM | CVSS 5.5 | CWE-190 | v1.900.17 | 2017-03-01
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
nvd
CVE-2018-19139 | P4 | MEDIUM | CVSS 5.5 | CWE-772 | v2.0.14 | 2018-11-09
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
nvd
CVE-2016-9395 | P4 | MEDIUM | CVSS 5.5 | CWE-20 | ≤ 1.900.24 | 2017-03-23
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
nvd
CVE-2021-3272 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | v2.0.24 | 2021-01-27
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
nvd
CVE-2021-26927 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | fixed in 2.0.25 | vbefore 2.0.25 | 2021-02-23
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
nvd
CVE-2017-5498 | P4 | MEDIUM | CVSS 5.5 | v1.900.17 | 2017-03-01
libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
nvd
CVE-2021-27845 | P4 | MEDIUM | CVSS 5.5 | CWE-369 | ≥ 2.0.0, < 2.0.17 | 2021-07-15
A divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c.
nvd
CVE-2016-8691 | P4 | MEDIUM | CVSS 5.5 | CWE-369 | ≤ 1.900.3 | 2017-02-15
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
nvd, osv
CVE-2016-8692 | P4 | MEDIUM | CVSS 5.5 | CWE-369 | ≤ 1.900.3 | 2017-02-15
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
nvd, osv
CVE-2022-40755 | P4 | MEDIUM | CVSS 5.5 | CWE-617 | v3.0.6 | 2022-09-16
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.
nvd
CVE-2017-14232 | P4 | MEDIUM | CVSS 5.5 | CWE-399 | ≤ 2.0.16 | 2019-08-15
The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.
nvd