CVE-2021-26927 | AVG-1497 | Low | No | Denial of service | A security issue was found in jasper before version 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to a program crash and denial of service. |
CVE-2021-26926 | AVG-1497 | Medium | No | Information disclosure | A security issue was found in jasper before version 2.0.25. An out of bounds read issue was found in the jp2_decode function, which may lead to disclosure... |
CVE-2021-3467 | AVG-1692 | Low | No | Denial of service | A NULL pointer dereference security issue was reported in JasPer 2.0.25 in the JP2 decoder. The problem is related to insufficient validation of component... |
CVE-2021-3443 | AVG-1833 | Low | No | Denial of service | A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.28 handled component references in the JP2 image format decoder. A specially... |
CVE-2021-3272 | AVG-1497 | Low | No | Denial of service | jp2_decode in jp2/jp2_dec.c in libjasper in jasper before version 2.0.25 has a heap-based buffer over-read when there is an invalid relationship between the... |
CVE-2020-27828 | AVG-1331 | Medium | No | Arbitrary code execution | A security issue was found in jasper up to version 2.0.22. It is possible that an image processed by jasper along with crafted rlvl input could set... |
CVE-2018-9055 | AVG-1060 | Low | No | Denial of service | JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. |
CVE-2017-9782 | AVG-206 | Low | No | Denial of service | JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the... |
CVE-2017-6852 | AVG-206 | High | Yes | Arbitrary code execution | A heap-based buffer overflow vulnerability has been discovered in jasper in jpc_dec_decodepkt (jpc_t2dec.c) that may lead to arbitrary code execution. |
CVE-2017-6851 | AVG-217 | Medium | Yes | Denial of service | The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. |
CVE-2017-6850 | AVG-206 | Medium | Yes | Denial of service | A NULL pointer dereference vulnerability has been discovered in jasper in jp2_cdef_destroy (jp2_cod.c) leading to application crash. |
CVE-2017-5505 | AVG-206 | Medium | Yes | Denial of service | An invalid memory read in jas_matrix_asl (jas_seq.c) has been discovered that is triggered by a specially crafted file and leads to denial of service. |
CVE-2017-5504 | AVG-206 | Medium | Yes | Denial of service | An invalid memory read in jpc_undo_roi (jpc_dec.c) has been discovered that is triggered by a specially crafted file leading to denial of service. |
CVE-2017-5503 | AVG-206 | High | Yes | Arbitrary code execution | An invalid memory write has been discovered in dec_clnpass (jpc_t1dec.c) triggered by a specially crafted file that may lead to arbitrary code execution. |
CVE-2016-10251 | AVG-207 | Medium | Yes | Denial of service | A use of uninitialized value problem has been discovered in jasper in jpc_pi_nextcprl (jpc_t2cod.c) that leads to an application crash. |
CVE-2016-10249 | AVG-207 | High | Yes | Arbitrary code execution | A heap-based buffer overflow vulnerability has been discovered in jasper in jpc_dec_tiledecode (jpc_dec.c) leading to arbitrary code execution. |
CVE-2016-10248 | AVG-207 | Medium | Yes | Denial of service | A NULL pointer dereference problem has been discovered in jasper in jpc_tsfb_synthesize (jpc_tsfb.c) leading to application crash. |
CVE-2016-9591 | AVG-69 | High | Yes | Arbitrary code execution | A heap-use-after-free vulnerability has been found in jasper. The vulnerability exists in code responsible for re-encoding the decoded input image file to a... |
CVE-2016-9560 | AVG-14 | Critical | Yes | Arbitrary code execution | A stack buffer overflow vulnerability has been discovered in jpc/jpc_dec.c due to an out of bounds array write triggered by a crafted image. |
CVE-2016-9557 | AVG-14 | Medium | Yes | Denial of service | A signed integer overflow vulnerability has been discovered in jas_image.c triggered by a crafted image. An option max_samples has been added to the BMP and... |
CVE-2016-9388 | AVG-14 | Medium | Yes | Denial of service | Improper error handling was found in the RAS encoder/decoder triggering assertion tests that result in denial of service. |
CVE-2016-9387 | AVG-14 | Medium | Yes | Denial of service | An integer overflow in jpc_dec_process_siz was found that can be triggered by a crafted image file when given as input to imginfo. |
CVE-2016-9262 | AVG-14 | High | Yes | Arbitrary code execution | A number of overflows were found in jasper causing a use-after-free vulnerability triggered by a crafted image. |
CVE-2016-8887 | AVG-14 | Medium | Yes | Denial of service | A null pointer dereference vulnerability was found in jp2_colr_destroy in jp2_cod.c leading to application crash. |
CVE-2016-8886 | AVG-69 | Medium | Yes | Denial of service | A memory allocation failure was found in jas_malloc triggered by a crafted file that results in an application crash leading to denial of service. |
CVE-2016-8885 | AVG-14 | Medium | Yes | Denial of service | A null pointer dereference vulnerability has been discovered in bmp_getdata in bmp_dec.c. |
CVE-2016-8884 | AVG-14 | Medium | Yes | Denial of service | A null pointer dereference vulnerability has been discovered in bmp_getdata in bmp_dec.c. |
CVE-2016-8693 | AVG-14 | Medium | Yes | Denial of service | A double free vulnerability was found in mem_close in jas_stream.c triggered by invoking the imginfo command on a specially crafted image file. |
CVE-2016-8692 | AVG-14 | Medium | Yes | Denial of service | A division by zero vulnerability was found in jpc_dec_process_siz triggered by invoking the imginfo command on a specially crafted file. |
CVE-2016-8691 | AVG-14 | Medium | Yes | Denial of service | A division by zero vulnerability was found in jpc_dec_process_siz triggered by invoking the imginfo command on a specially crafted file. |
CVE-2016-8690 | AVG-14 | Medium | Yes | Denial of service | A null pointer dereference vulnerability was found in bmp_getdata triggered by invoking the imginfo command on a specially crafted BMP image. |
CVE-2016-2116 | AVG-88 | Medium | Yes | Denial of service | Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory... |
CVE-2016-2089 | AVG-14 | Medium | Yes | Denial of service | The jas_matrix_clip function in jas_seq.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. |
CVE-2016-1867 | AVG-99 | Medium | Yes | Denial of service | The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted... |
CVE-2016-1577 | AVG-88 | High | Yes | Arbitrary code execution | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash)... |
CVE-2015-8751 | AVG-14 | Medium | Yes | Denial of service | An integer overflow flaw was found in the way the JasPer library's jas_matrix_create() function parsed certain JPEG 2000 image files. A specially crafted... |
CVE-2015-5221 | AVG-99 | High | Yes | Arbitrary code execution | A use-after-free and double free has been discovered in the function mif_process_cmpt of the src/libjasper/mif/mif_cod.c file. Both tvp and tvp->buf are... |
CVE-2015-5203 | AVG-14 | High | Yes | Arbitrary code execution | A double free flaw was found in the way JasPer's jasper_image_stop_load() function parsed certain JPEG 2000 image files. A specially crafted file could... |
CVE-2014-9029 | AVG-99 | Critical | Yes | Arbitrary code execution | Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 files. A specially crafted file could... |
CVE-2014-8158 | AVG-99 | High | Yes | Arbitrary code execution | An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using... |
CVE-2014-8157 | AVG-99 | High | Yes | Arbitrary code execution | An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause... |
CVE-2014-8138 | AVG-99 | Critical | Yes | Arbitrary code execution | Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly... |
CVE-2014-8137 | AVG-99 | High | Yes | Arbitrary code execution | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash)... |
CVE-2011-4517 | AVG-99 | Critical | Yes | Arbitrary code execution | A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000... |
CVE-2011-4516 | AVG-99 | Critical | Yes | Arbitrary code execution | A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000... |
CVE-2008-3522 | AVG-99 | High | Yes | Arbitrary code execution | Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an... |
CVE-2008-3520 | AVG-99 | High | Yes | Arbitrary code execution | Multiple possible integer overflows have been discovered in jasper occurring in jas_malloc calls, where integer overflows may result in an insufficient... |