Vulnerabilities > Jasper Project

DATE CVE VULNERABILITY TITLE RISK
2017-03-23 CVE-2016-9394 Improper Input Validation vulnerability in Jasper Project Jasper
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
local
low complexity
jasper-project CWE-20
5.5
2017-03-23 CVE-2016-9393 Unspecified vulnerability in Jasper Project Jasper 1.900.17
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
local
low complexity
jasper-project
5.5
2017-03-23 CVE-2016-9392 Unspecified vulnerability in Jasper Project Jasper
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
local
low complexity
jasper-project
5.5
2017-03-23 CVE-2016-9391 Unspecified vulnerability in Jasper Project Jasper
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
network
low complexity
jasper-project
7.5
2017-03-23 CVE-2016-9390 Improper Input Validation vulnerability in Jasper Project Jasper
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
local
low complexity
jasper-project CWE-20
5.5
2017-03-23 CVE-2016-9389 Unspecified vulnerability in Jasper Project Jasper
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
network
low complexity
jasper-project
7.5
2017-03-23 CVE-2016-9388 Reachable Assertion vulnerability in multiple products
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
local
low complexity
jasper-project canonical CWE-617
5.5
2017-03-23 CVE-2016-9387 Integer Overflow or Wraparound vulnerability in Jasper Project Jasper
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
local
low complexity
jasper-project CWE-190
7.8
2017-03-23 CVE-2016-9262 Integer Overflow or Wraparound vulnerability in Jasper Project Jasper
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
local
low complexity
jasper-project CWE-190
5.5
2017-03-23 CVE-2016-8887 NULL Pointer Dereference vulnerability in multiple products
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
local
low complexity
jasper-project fedoraproject CWE-476
5.5