Vulnerabilities > Jasper Project > Jasper > 1.900.17

DATE CVE VULNERABILITY TITLE RISK
2017-03-15 CVE-2016-10251 Integer Overflow or Wraparound vulnerability in Jasper Project Jasper
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
local
low complexity
jasper-project CWE-190
7.8
7.8
2017-03-01 CVE-2017-5504 Out-of-bounds Read vulnerability in Jasper Project Jasper 1.900.17
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
local
low complexity
jasper-project CWE-125
5.5
5.5
2017-03-01 CVE-2017-5502 Unspecified vulnerability in Jasper Project Jasper 1.900.17
libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
local
low complexity
jasper-project
5.5
5.5
2017-03-01 CVE-2017-5501 Integer Overflow or Wraparound vulnerability in Jasper Project Jasper 1.900.17
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
local
low complexity
jasper-project CWE-190
5.5
5.5
2017-03-01 CVE-2017-5500 Unspecified vulnerability in Jasper Project Jasper 1.900.17
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
local
low complexity
jasper-project
5.5
5.5
2017-03-01 CVE-2017-5499 Integer Overflow or Wraparound vulnerability in Jasper Project Jasper 1.900.17
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
local
low complexity
jasper-project CWE-190
5.5
5.5
2017-03-01 CVE-2017-5498 Unspecified vulnerability in Jasper Project Jasper 1.900.17
libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
local
low complexity
jasper-project
5.5
5.5
2017-02-15 CVE-2016-9560 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
local
low complexity
jasper-project debian redhat CWE-787
7.8
7.8
2017-02-15 CVE-2016-8690 NULL Pointer Dereference vulnerability in multiple products
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
local
low complexity
jasper-project fedoraproject CWE-476
5.5
5.5