Vulnerabilities > Jasper Project

DATE CVE VULNERABILITY TITLE RISK
2017-07-25 CVE-2015-5221 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
5.5
2017-07-17 CVE-2017-1000050 NULL Pointer Dereference vulnerability in multiple products
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
7.5
2017-06-21 CVE-2017-9782 Out-of-bounds Read vulnerability in Jasper Project Jasper 2.0.12
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.
local
low complexity
jasper-project CWE-125
5.5
2017-03-28 CVE-2016-8884 NULL Pointer Dereference vulnerability in multiple products
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
local
low complexity
jasper-project fedoraproject CWE-476
5.5
2017-03-23 CVE-2016-9557 Integer Overflow or Wraparound vulnerability in Jasper Project Jasper
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
local
low complexity
jasper-project CWE-190
5.5
2017-03-23 CVE-2016-9399 Reachable Assertion vulnerability in multiple products
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
network
low complexity
jasper-project fedoraproject opensuse CWE-617
7.5
2017-03-23 CVE-2016-9398 Reachable Assertion vulnerability in multiple products
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
7.5
2017-03-23 CVE-2016-9397 Reachable Assertion vulnerability in multiple products
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
network
low complexity
jasper-project fedoraproject CWE-617
7.5
2017-03-23 CVE-2016-9396 Unspecified vulnerability in Jasper Project Jasper
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.
network
low complexity
jasper-project
7.5
2017-03-23 CVE-2016-9395 Improper Input Validation vulnerability in Jasper Project Jasper
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
local
low complexity
jasper-project CWE-20
5.5