CVEdetails.com the ultimate security vulnerability data source

Jasper Project » Jasper : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2017-6852 | 119 | | Overflow | 2017-03-15 | 2017-03-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.
2 | CVE-2017-6851 | 125 | | DoS | 2017-03-15 | 2017-03-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
3 | CVE-2017-6850 | 476 | | DoS | 2017-03-15 | 2017-03-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
4 | CVE-2017-5505 | 119 | | DoS Overflow | 2017-03-16 | 2017-03-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
5 | CVE-2017-5504 | 125 | | DoS | 2017-03-01 | 2017-03-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
6 | CVE-2017-5503 | 787 | | DoS | 2017-03-01 | 2017-03-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.
7 | CVE-2017-5502 | 189 | | DoS | 2017-03-01 | 2017-03-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
8 | CVE-2017-5501 | 190 | | DoS Overflow | 2017-03-01 | 2017-03-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
9 | CVE-2017-5500 | 189 | | DoS | 2017-03-01 | 2017-03-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
10 | CVE-2017-5499 | 190 | | DoS Overflow | 2017-03-01 | 2017-03-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
11 | CVE-2017-5498 | 189 | | DoS | 2017-03-01 | 2017-03-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
12 | CVE-2016-10251 | 190 | | Overflow | 2017-03-15 | 2017-04-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
13 | CVE-2016-10250 | 476 | | DoS | 2017-03-15 | 2017-03-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
14 | CVE-2016-10249 | 190 | | Overflow | 2017-03-15 | 2017-04-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
15 | CVE-2016-10248 | 476 | | DoS | 2017-03-15 | 2017-03-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
16 | CVE-2016-9560 | 119 | | Overflow | 2017-02-15 | 2017-02-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
17 | CVE-2016-9557 | 190 | | DoS Overflow | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
18 | CVE-2016-9399 | | | DoS | 2017-03-23 | 2017-03-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
19 | CVE-2016-9398 | | | DoS | 2017-03-23 | 2017-03-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
20 | CVE-2016-9397 | | | DoS | 2017-03-23 | 2017-03-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
21 | CVE-2016-9396 | | | DoS | 2017-03-23 | 2017-03-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The JPC_NOMINALGAIN function in jpc_t1cod.c in JasPer before 1.900.12 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
22 | CVE-2016-9395 | 20 | | DoS | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
23 | CVE-2016-9394 | 20 | | DoS | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
24 | CVE-2016-9393 | | | DoS | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
25 | CVE-2016-9392 | | | DoS | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
26 | CVE-2016-9391 | | | DoS | 2017-03-23 | 2017-03-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
27 | CVE-2016-9390 | 20 | | DoS | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
28 | CVE-2016-9389 | | | DoS | 2017-03-23 | 2017-03-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
29 | CVE-2016-9388 | | | DoS | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
30 | CVE-2016-9387 | 190 | | Overflow | 2017-03-23 | 2017-03-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
31 | CVE-2016-9262 | 190 | | DoS Overflow | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
32 | CVE-2016-8887 | 476 | | DoS | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
33 | CVE-2016-8886 | 119 | | Overflow | 2017-03-23 | 2017-03-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.
34 | CVE-2016-8885 | 476 | | DoS | 2017-03-23 | 2017-03-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
35 | CVE-2016-8884 | 476 | | DoS | 2017-03-28 | 2017-03-31 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
36 | CVE-2016-8883 | 399 | | DoS | 2017-01-13 | 2017-01-31 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
37 | CVE-2016-8882 | 476 | | DoS | 2017-01-13 | 2017-01-31 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
38 | CVE-2016-8693 | 415 | | DoS Exec Code | 2017-02-15 | 2017-02-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
39 | CVE-2016-8692 | 369 | | DoS | 2017-02-15 | 2017-02-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
40 | CVE-2016-8691 | 369 | | DoS | 2017-02-15 | 2017-02-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
41 | CVE-2016-8690 | 476 | | DoS | 2017-02-15 | 2017-02-23 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
42 | CVE-2016-2116 | 399 | | DoS | 2016-04-13 | 2016-12-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
43 | CVE-2016-2089 | 20 | | DoS | 2016-02-08 | 2016-12-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
44 | CVE-2016-1867 | 119 | | DoS Overflow | 2016-01-20 | 2016-01-25 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
45 | CVE-2016-1577 | | | DoS Exec Code | 2016-04-13 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.
46 | CVE-2014-9029 | 189 | | Exec Code Overflow | 2014-12-08 | 2017-01-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
47 | CVE-2014-8158 | 119 | | DoS Exec Code Overflow | 2015-01-26 | 2017-01-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
48 | CVE-2014-8157 | 189 | | DoS Exec Code Overflow | 2015-01-26 | 2017-01-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
49 | CVE-2014-8138 | 119 | | DoS Exec Code Overflow | 2014-12-24 | 2016-12-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
50 | CVE-2014-8137 | | | DoS Exec Code | 2014-12-24 | 2016-12-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
Total number of vulnerabilities: 55. Page 1 of 2 (this page).