Vulnerabilities > Jasper Project > Jasper > 2.0.14

DATE CVE VULNERABILITY TITLE RISK
2018-12-28 CVE-2018-20570 Out-of-bounds Read vulnerability in multiple products
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
network
low complexity
jasper-project debian CWE-125
6.5
6.5
2018-11-26 CVE-2018-19543 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in JasPer 2.0.14.
local
low complexity
jasper-project canonical debian suse CWE-125
7.8
7.8
2018-11-26 CVE-2018-19542 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in JasPer 2.0.14. 		6.5
6.5
2018-11-26 CVE-2018-19541 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16.
network
low complexity
jasper-project canonical suse debian CWE-125
8.8
8.8
2018-11-26 CVE-2018-19540 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16.
network
low complexity
jasper-project suse debian CWE-787
8.8
8.8
2018-11-26 CVE-2018-19539 Reachable Assertion vulnerability in multiple products
An issue was discovered in JasPer 2.0.14.
network
low complexity
jasper-project suse debian opensuse CWE-617
6.5
6.5
2018-11-09 CVE-2018-19139 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue has been found in JasPer 2.0.14.
local
low complexity
jasper-project redhat debian CWE-772
5.5
5.5
2018-10-31 CVE-2018-18873 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in JasPer 2.0.14.
local
low complexity
jasper-project canonical debian suse CWE-476
5.5
5.5
2018-05-04 CVE-2018-9154 Improper Input Validation vulnerability in Jasper Project Jasper 2.0.14
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
network
low complexity
jasper-project CWE-20
7.5
7.5
2018-04-04 CVE-2018-9252 Reachable Assertion vulnerability in Jasper Project Jasper 2.0.14
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
network
low complexity
jasper-project CWE-617
6.5
6.5