Vulnerabilities (CVE)

Filtered by vendor Jasper Project Subscribe
Filtered by product Jasper
Total 95 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27828 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2022-08-06 6.8 MEDIUM 7.8 HIGH
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
CVE-2015-8751 1 Jasper Project 1 Jasper 2022-01-14 6.8 MEDIUM 8.8 HIGH
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.
CVE-2021-27845 1 Jasper Project 1 Jasper 2021-09-07 4.3 MEDIUM 5.5 MEDIUM
A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c
CVE-2021-3467 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-03-30 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
CVE-2021-3443 3 Fedoraproject, Jasper Project, Redhat 3 Fedora, Jasper, Enterprise Linux 2021-03-30 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
CVE-2021-26927 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-03-24 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
CVE-2021-26926 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-03-22 5.8 MEDIUM 7.1 HIGH
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.
CVE-2016-9560 3 Debian, Jasper Project, Redhat 8 Debian Linux, Jasper, Enterprise Linux Desktop and 5 more 2021-03-15 6.8 MEDIUM 7.8 HIGH
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
CVE-2016-9398 4 Fedoraproject, Jasper Project, Opensuse and 1 more 6 Fedora, Jasper, Leap and 3 more 2021-02-22 5.0 MEDIUM 7.5 HIGH
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2017-1000050 4 Canonical, Fedoraproject, Jasper Project and 1 more 6 Ubuntu Linux, Fedora, Jasper and 3 more 2021-02-22 5.0 MEDIUM 7.5 HIGH
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
CVE-2016-9397 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-22 5.0 MEDIUM 7.5 HIGH
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9399 3 Fedoraproject, Jasper Project, Opensuse 3 Fedora, Jasper, Leap 2021-02-22 5.0 MEDIUM 7.5 HIGH
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2021-3272 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-12 4.3 MEDIUM 5.5 MEDIUM
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
CVE-2017-13748 3 Debian, Fedoraproject, Jasper Project 3 Debian Linux, Fedora, Jasper 2021-02-05 5.0 MEDIUM 7.5 HIGH
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.
CVE-2017-13749 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-05 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13750 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-05 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13746 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-05 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13751 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-05 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13747 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-05 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13752 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-05 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.