This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Jasper Project
Product: Jasper
Version: *
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2014-12-08
Last view: 2019-08-15
 
CPE Product cpe:2.3:a:jasper_project:jasper

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2019-08-15 CVE-2017-14232

The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.

7.8 2018-08-01 CVE-2016-9583

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

7.8 2018-08-01 CVE-2016-8654

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec, caused by a buffer being allocated with too small a size. jasper versions before 2.0.0 are affected.

6.5 2018-03-12 CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

5.5 2018-03-09 CVE-2016-9591

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

5.5 2017-07-25 CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5 2017-03-23 CVE-2016-9557

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

7.5 2017-03-23 CVE-2016-9398

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

7.5 2017-03-23 CVE-2016-9396

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.

5.5 2017-03-23 CVE-2016-9395

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

5.5 2017-03-23 CVE-2016-9394

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

5.5 2017-03-23 CVE-2016-9392

The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

7.5 2017-03-23 CVE-2016-9391

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

5.5 2017-03-23 CVE-2016-9390

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

7.5 2017-03-23 CVE-2016-9389

The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).

7.8 2017-03-23 CVE-2016-9387

Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.

5.5 2017-03-23 CVE-2016-9262

Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.

5.5 2017-03-23 CVE-2016-8887

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

7.8 2017-03-23 CVE-2016-8886

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

5.5 2017-03-23 CVE-2016-8885

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.

7.8 2017-03-15 CVE-2017-6852

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

5.5 2017-03-15 CVE-2017-6851

The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.

5.5 2017-03-15 CVE-2017-6850

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

7.8 2017-03-15 CVE-2016-10251

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.

7.5 2017-03-15 CVE-2016-10250

The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.

CWE : Common Weakness Enumeration

% id Name
24% (8) CWE-476 NULL Pointer Dereference
15% (5) CWE-190 Integer Overflow or Wraparound
15% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (3) CWE-399 Resource Management Errors
9% (3) CWE-20 Improper Input Validation
6% (2) CWE-416 Use After Free
6% (2) CWE-369 Divide By Zero
6% (2) CWE-189 Numeric Errors
6% (2) CWE-125 Out-of-bounds Read
3% (1) CWE-415 Double Free

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ec39fe2c9c.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1417.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1389.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1583.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3253.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1163.nasl - Type: ACT_GATHER_INFO
2018-06-04 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e6df7fcf75.nasl - Type: ACT_GATHER_INFO
2017-07-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-844.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1916-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1901-1.nasl - Type: ACT_GATHER_INFO
2017-07-13 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1208.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201707-07.nasl - Type: ACT_GATHER_INFO
2017-06-16 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1094.nasl - Type: ACT_GATHER_INFO
2017-06-16 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1095.nasl - Type: ACT_GATHER_INFO
2017-06-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-836.nasl - Type: ACT_GATHER_INFO
2017-05-19 Name: The remote Fedora host is missing a security update.
File: fedora_2017-da0b00fd64.nasl - Type: ACT_GATHER_INFO
2017-05-19 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3295-1.nasl - Type: ACT_GATHER_INFO
2017-05-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-cfc20d5d45.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1208.nasl - Type: ACT_GATHER_INFO
2017-05-11 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2017-0102.nasl - Type: ACT_GATHER_INFO
2017-05-11 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170509_jasper_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1208.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1208.nasl - Type: ACT_GATHER_INFO
2017-04-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-920.nasl - Type: ACT_GATHER_INFO
2017-04-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-478.nasl - Type: ACT_GATHER_INFO