CVEdetails.com the ultimate security vulnerability data source

Jasper Project » Jasper : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2017-1000050 476 2017-07-17 2017-07-20
5.0
None Remote Low Not required None None Partial
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
2 CVE-2017-14229 400 DoS 2017-09-09 2017-09-19
5.0
None Remote Low Not required None None Partial
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.
3 CVE-2017-14132 125 DoS 2017-09-04 2017-09-06
4.3
None Remote Medium Not required None None Partial
JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.
4 CVE-2017-13752 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
5 CVE-2017-13751 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
6 CVE-2017-13750 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.
7 CVE-2017-13749 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
8 CVE-2017-13748 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.
9 CVE-2017-13747 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
10 CVE-2017-13746 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.
11 CVE-2017-13745 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
12 CVE-2017-9782 119 DoS Overflow 2017-06-21 2017-06-27
4.3
None Remote Medium Not required None None Partial
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.
13 CVE-2017-6852 119 Overflow 2017-03-15 2017-03-16
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.
14 CVE-2017-6851 125 DoS 2017-03-15 2017-03-16
4.3
None Remote Medium Not required None None Partial
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
15 CVE-2017-6850 476 DoS 2017-03-15 2017-03-16
4.3
None Remote Medium Not required None None Partial
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
16 CVE-2017-5505 119 DoS Overflow 2017-03-16 2017-03-17
4.3
None Remote Medium Not required None None Partial
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
17 CVE-2017-5504 125 DoS 2017-03-01 2017-03-02
4.3
None Remote Medium Not required None None Partial
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
18 CVE-2017-5503 787 DoS 2017-03-01 2017-03-02
4.3
None Remote Medium Not required None None Partial
The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.
19 CVE-2017-5502 189 DoS 2017-03-01 2017-03-02
4.3
None Remote Medium Not required None None Partial
libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
20 CVE-2017-5501 190 DoS Overflow 2017-03-01 2017-03-02
4.3
None Remote Medium Not required None None Partial
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
21 CVE-2017-5500 189 DoS 2017-03-01 2017-03-02
4.3
None Remote Medium Not required None None Partial
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
22 CVE-2017-5499 190 DoS Overflow 2017-03-01 2017-03-02
4.3
None Remote Medium Not required None None Partial
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
23 CVE-2017-5498 189 DoS 2017-03-01 2017-03-02
4.3
None Remote Medium Not required None None Partial
libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
24 CVE-2016-10251 190 Overflow 2017-03-15 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
25 CVE-2016-10250 476 DoS 2017-03-15 2017-03-16
5.0
None Remote Low Not required None None Partial
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
26 CVE-2016-10249 190 Overflow 2017-03-15 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
27 CVE-2016-10248 476 DoS 2017-03-15 2017-06-22
5.0
None Remote Low Not required None None Partial
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
28 CVE-2016-9560 119 Overflow 2017-02-15 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
29 CVE-2016-9557 190 DoS Overflow 2017-03-23 2017-03-27
4.3
None Remote Medium Not required None None Partial
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
30 CVE-2016-9399 DoS 2017-03-23 2017-03-27
5.0
None Remote Low Not required None None Partial
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
31 CVE-2016-9398 DoS 2017-03-23 2017-03-27
5.0
None Remote Low Not required None None Partial
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
32 CVE-2016-9397 DoS 2017-03-23 2017-03-27
5.0
None Remote Low Not required None None Partial
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
33 CVE-2016-9396 DoS 2017-03-23 2017-08-30
5.0
None Remote Low Not required None None Partial
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.
34 CVE-2016-9395 20 DoS 2017-03-23 2017-03-27
4.3
None Remote Medium Not required None None Partial
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
35 CVE-2016-9394 20 DoS 2017-03-23 2017-03-27
4.3
None Remote Medium Not required None None Partial
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
36 CVE-2016-9393 DoS 2017-03-23 2017-03-27
4.3
None Remote Medium Not required None None Partial
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
37 CVE-2016-9392 DoS 2017-03-23 2017-03-27
4.3
None Remote Medium Not required None None Partial
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
38 CVE-2016-9391 DoS 2017-03-23 2017-03-27
5.0
None Remote Low Not required None None Partial
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
39 CVE-2016-9390 20 DoS 2017-03-23 2017-03-27
4.3
None Remote Medium Not required None None Partial
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
40 CVE-2016-9389 DoS 2017-03-23 2017-03-27
5.0
None Remote Low Not required None None Partial
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
41 CVE-2016-9388 DoS 2017-03-23 2017-03-27
4.3
None Remote Medium Not required None None Partial
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
42 CVE-2016-9387 190 Overflow 2017-03-23 2017-03-27
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
43 CVE-2016-9262 190 DoS Overflow 2017-03-23 2017-07-10
4.3
None Remote Medium Not required None None Partial
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
44 CVE-2016-8887 476 DoS 2017-03-23 2017-03-27
4.3
None Remote Medium Not required None None Partial
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
45 CVE-2016-8886 119 Overflow 2017-03-23 2017-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.
46 CVE-2016-8885 476 DoS 2017-03-23 2017-03-24
4.3
None Remote Medium Not required None None Partial
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
47 CVE-2016-8884 476 DoS 2017-03-28 2017-03-31
4.3
None Remote Medium Not required None None Partial
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
48 CVE-2016-8883 399 DoS 2017-01-13 2017-01-31
4.3
None Remote Medium Not required None None Partial
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
49 CVE-2016-8882 476 DoS 2017-01-13 2017-11-03
4.3
None Remote Medium Not required None None Partial
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
50 CVE-2016-8693 415 DoS Exec Code 2017-02-15 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
Total number of vulnerabilities: 69 (page 1 of 2)