Vulnerabilities > Jasper Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-24 | CVE-2014-8137 | Double Free Remote Code Execution vulnerability in JasPer Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. | 6.8 |
| 2014-12-08 | CVE-2014-9029 | Numeric Errors vulnerability in Jasper Project Jasper 1.900.1 Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow. | 7.5 |
| 2008-10-02 | CVE-2008-3522 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. | 10.0 |
| 2008-10-02 | CVE-2008-3520 | Numeric Errors vulnerability in Jasper Project Jasper 1.900.1 Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. | 9.3 |