Jasper Project : Security Vulnerabilities, CVEs, Published In 2017 (Overflow)

CVE-2017-6852

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.
Max CVSS
7.8
EPSS Score
0.37%
Published
2017-03-15
Updated
2019-08-09

CVE-2017-5505

The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
Max CVSS
5.5
EPSS Score
0.69%
Published
2017-03-16
Updated
2020-09-25

CVE-2017-5501

Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
Max CVSS
5.5
EPSS Score
0.19%
Published
2017-03-01
Updated
2017-03-03

CVE-2017-5499

Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
Max CVSS
5.5
EPSS Score
0.62%
Published
2017-03-01
Updated
2020-09-25

CVE-2016-10251

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
Max CVSS
7.8
EPSS Score
1.16%
Published
2017-03-15
Updated
2018-01-05

CVE-2016-10249

Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
Max CVSS
7.8
EPSS Score
0.56%
Published
2017-03-15
Updated
2018-01-05

CVE-2016-9560

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
Max CVSS
7.8
EPSS Score
0.63%
Published
2017-02-15
Updated
2021-03-15

CVE-2016-9557

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
Max CVSS
5.5
EPSS Score
0.50%
Published
2017-03-23
Updated
2017-03-27

CVE-2016-9387

Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
Max CVSS
7.8
EPSS Score
0.60%
Published
2017-03-23
Updated
2018-06-29

CVE-2016-9262

Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
Max CVSS
5.5
EPSS Score
0.73%
Published
2017-03-23
Updated
2018-06-29

CVE-2016-8886

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.
Max CVSS
7.8
EPSS Score
1.24%
Published
2017-03-23
Updated
2017-03-27
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close