Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jasper jpeg-2000 jasper jpeg-2000 vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2016-8691
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer prior to 1.900.4 allows remote malicious users to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
Jasper Project Jasper
Debian Debian Linux 8.0
Fedoraproject Fedora 25
1 Github repository
5.5
CVSSv3
CVE-2016-8692
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer prior to 1.900.4 allows remote malicious users to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
Jasper Project Jasper
Fedoraproject Fedora 25
Debian Debian Linux 8.0
NA
CVE-2008-3520
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent malicious users to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
Jasper Project Jasper 1.900.1
5.5
CVSSv3
CVE-2016-8887
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer prior to 1.900.10 allows remote malicious users to cause a denial of service (NULL pointer dereference).
Jasper Project Jasper
Fedoraproject Fedora 24
Fedoraproject Fedora 23
1 Github repository
5.7
CVSSv3
CVE-2016-2116
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and previous versions allows remote malicious users to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Jasper Project Jasper
7.6
CVSSv3
CVE-2016-1577
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and previous versions allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vu...
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Jasper Project Jasper
5.5
CVSSv3
CVE-2016-8884
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote malicious users to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CV...
Jasper Project Jasper 1.900.5
Fedoraproject Fedora 24
Fedoraproject Fedora 23
NA
CVE-2008-3522
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent malicious users to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
Redhat Enterprise Virtualization 3.5
Jasper Project Jasper 1.900.1
5.5
CVSSv3
CVE-2016-9591
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
Jasper Project Jasper
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.3
Debian Debian Linux 8.0
NA
CVE-2011-4516
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker...
Jasper Project Jasper 1.900.1
Suse Linux Enterprise Server 11
Fedoraproject Fedora 16
Canonical Ubuntu Linux 10.10
Suse Linux Enterprise Desktop 11
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Debian Debian Linux 6.0
Fedoraproject Fedora 15
Canonical Ubuntu Linux 10.04
Suse Linux Enterprise Software Development Kit 11
Oracle Outside In Technology 8.3.5
Oracle Outside In Technology 8.3.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »