Vulnerabilities > Jasper Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-09 | CVE-2018-19139 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue has been found in JasPer 2.0.14. | 5.5 |
| 2018-10-31 | CVE-2018-18873 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in JasPer 2.0.14. | 5.5 |
| 2018-08-01 | CVE-2016-9583 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. | 7.8 |
| 2018-08-01 | CVE-2016-8654 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. | 7.8 |
| 2018-05-04 | CVE-2018-9154 | Improper Input Validation vulnerability in Jasper Project Jasper 2.0.14 There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. | 7.5 |
| 2018-04-04 | CVE-2018-9252 | Reachable Assertion vulnerability in Jasper Project Jasper 2.0.14 JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. | 6.5 |
| 2018-03-27 | CVE-2018-9055 | Reachable Assertion vulnerability in Jasper Project Jasper 2.0.14 JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. | 5.5 |
| 2018-03-12 | CVE-2016-9600 | NULL Pointer Dereference vulnerability in multiple products JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. | 6.5 |
| 2018-03-09 | CVE-2016-9591 | Use After Free vulnerability in multiple products JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. | 5.5 |
| 2017-09-09 | CVE-2017-14229 | Infinite Loop vulnerability in Jasper Project Jasper 2.0.13 There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. | 7.5 |