Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8158 | 4 Debian, Jasper Project, Opensuse and 1 more | 4 Debian Linux, Jasper, Opensuse and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. | |||||
| CVE-2016-2089 | 1 Jasper Project | 1 Jasper | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. | |||||
| CVE-2014-8138 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-12 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file. | |||||
| CVE-2014-9029 | 1 Jasper Project | 1 Jasper | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow. | |||||
| CVE-2011-4517 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file. | |||||
| CVE-2011-4516 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. | |||||
| CVE-2008-3520 | 1 Jasper Project | 1 Jasper | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. | |||||
| CVE-2008-3522 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Virtualization | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. | |||||
| CVE-2008-3521 | 1 Jasper Project | 1 Jasper | 2025-04-09 | 7.2 HIGH | N/A |
| Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion. | |||||
| CVE-2023-51257 | 1 Jasper Project | 1 Jasper | 2024-11-21 | N/A | 7.8 HIGH |
| An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. | |||||
| CVE-2022-40755 | 1 Jasper Project | 1 Jasper | 2024-11-21 | N/A | 5.5 MEDIUM |
| JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. | |||||
| CVE-2022-2963 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. | |||||
| CVE-2021-3467 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. | |||||
| CVE-2021-3443 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. | |||||
| CVE-2021-3272 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. | |||||
| CVE-2021-27845 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c | |||||
| CVE-2021-26927 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service. | |||||
| CVE-2021-26926 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. | |||||
| CVE-2020-27828 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. | |||||
| CVE-2018-9252 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. | |||||