This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Jasper Project
First view: 2008-10-02
Product: Jasper
Last view: 2019-08-15
Version: 1.900.1
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:jasper_project:jasper

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2019-08-15 CVE-2017-14232

The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.

7.8 2018-08-01 CVE-2016-9583

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

7.8 2018-08-01 CVE-2016-8654

A heap-buffer overflow vulnerability was found in the QMFB code in the JPC codec, caused by a buffer being allocated with too small a size. jasper versions before 2.0.0 are affected.

6.5 2018-03-12 CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

5.5 2018-03-09 CVE-2016-9591

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

5.5 2017-07-25 CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5 2017-03-23 CVE-2016-9557

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

7.5 2017-03-23 CVE-2016-9398

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

7.5 2017-03-23 CVE-2016-9396

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.

5.5 2017-03-23 CVE-2016-9395

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

5.5 2017-03-23 CVE-2016-9394

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

5.5 2017-03-23 CVE-2016-9392

The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

7.5 2017-03-23 CVE-2016-9391

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

5.5 2017-03-23 CVE-2016-9390

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

7.5 2017-03-23 CVE-2016-9389

The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).

7.8 2017-03-23 CVE-2016-9387

Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.

5.5 2017-03-23 CVE-2016-9262

Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.

5.5 2017-03-23 CVE-2016-8887

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

7.8 2017-03-23 CVE-2016-8886

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

5.5 2017-03-23 CVE-2016-8885

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.

7.8 2017-03-15 CVE-2017-6852

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

5.5 2017-03-15 CVE-2017-6851

The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.

5.5 2017-03-15 CVE-2017-6850

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

7.8 2017-03-15 CVE-2016-10251

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.

7.5 2017-03-15 CVE-2016-10250

The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.

CWE : Common Weakness Enumeration

% id Name
24% (10) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
19% (8) CWE-476 NULL Pointer Dereference
12% (5) CWE-190 Integer Overflow or Wraparound
9% (4) CWE-20 Improper Input Validation
7% (3) CWE-399 Resource Management Errors
7% (3) CWE-189 Numeric Errors
4% (2) CWE-416 Use After Free
4% (2) CWE-369 Divide By Zero
4% (2) CWE-125 Out-of-bounds Read
2% (1) CWE-415 Double Free
2% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Open Source Vulnerability Database (OSVDB)

id Description
77596 JasPer src/libjasper/jpc/jpc_cs.c jpc_crg_getparms() Function CRG Marker Segm...
77595 JasPer src/libjasper/jpc/jpc_cs.c jpc_cox_getcompparms() Function COD Market ...
49891 JasPer Crafted Image File Memory Allocation Integer Multiplication Multiple O...
49890 JasPer libjasper/base/jas_stream.c jas_stream_printf Function Overflow
48916 JasPer libjasper/base/jas_stream.c jas_stream_tmpfile Function Temporary File...

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-07-30 Name : CentOS Update for jasper CESA-2011:1807 centos6
File : nvt/gb_CESA-2011_1807_jasper_centos6.nasl
2012-07-30 Name : CentOS Update for netpbm CESA-2011:1811 centos4 x86_64
File : nvt/gb_CESA-2011_1811_netpbm_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for netpbm CESA-2011:1811 centos5 x86_64
File : nvt/gb_CESA-2011_1811_netpbm_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for jasper RHSA-2011:1807-01
File : nvt/gb_RHSA-2011_1807-01_jasper.nasl
2012-03-19 Name : Fedora Update for jasper FEDORA-2011-16966
File : nvt/gb_fedora_2011_16966_jasper_fc16.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-10 (JasPer)
File : nvt/glsa_201201_10.nasl
2012-01-09 Name : Ubuntu Update for ghostscript USN-1317-1
File : nvt/gb_ubuntu_USN_1317_1.nasl
2012-01-09 Name : Fedora Update for jasper FEDORA-2011-16955
File : nvt/gb_fedora_2011_16955_jasper_fc15.nasl
2011-12-23 Name : Ubuntu Update for jasper USN-1315-1
File : nvt/gb_ubuntu_USN_1315_1.nasl
2011-12-19 Name : Mandriva Update for jasper MDVSA-2011:189 (jasper)
File : nvt/gb_mandriva_MDVSA_2011_189.nasl
2011-12-16 Name : CentOS Update for netpbm CESA-2011:1811 centos4 i386
File : nvt/gb_CESA-2011_1811_netpbm_centos4_i386.nasl
2011-12-16 Name : CentOS Update for netpbm CESA-2011:1811 centos5 i386
File : nvt/gb_CESA-2011_1811_netpbm_centos5_i386.nasl
2011-12-16 Name : RedHat Update for netpbm RHSA-2011:1811-01
File : nvt/gb_RHSA-2011_1811-01_netpbm.nasl
2011-08-09 Name : CentOS Update for netpbm CESA-2009:0012 centos4 i386
File : nvt/gb_CESA-2009_0012_netpbm_centos4_i386.nasl
2010-08-21 Name : Debian Security Advisory DSA 2080-1 (ghostscript)
File : nvt/deb_2080_1.nasl
2010-04-21 Name : Debian Security Advisory DSA 2036-1 (jasper)
File : nvt/deb_2036_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:142-1 (jasper)
File : nvt/mdksa_2009_142_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:311 (ghostscript)
File : nvt/mdksa_2009_311.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:317 (netpbm)
File : nvt/mdksa_2009_317.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-10761 (jasper)
File : nvt/fcore_2009_10761.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-10737 (jasper)
File : nvt/fcore_2009_10737.nasl
2009-10-13 Name : SLES10: Security update for jasper
File : nvt/sles10_jasper.nasl
2009-10-10 Name : SLES9: Security update for jasper
File : nvt/sles9p5038720.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:164 (jasper)
File : nvt/mdksa_2009_164.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:165 (ghostscript)
File : nvt/mdksa_2009_165.nasl

Snort® IPS/IDS

Date Description
2016-03-25 Oracle Outside-In invalid CRG segment memory corruption attempt
RuleID : 37852 - Type : FILE-OTHER - Revision : 1
2016-03-25 Oracle Outside-In invalid CRG segment memory corruption attempt
RuleID : 37851 - Type : FILE-OTHER - Revision : 1
2014-01-10 Oracle Outside In JPEG COC parameter buffer overflow attempt
RuleID : 24718 - Type : FILE-IMAGE - Revision : 8
2014-01-10 Oracle Outside In JPEG COD parameter buffer overflow attempt
RuleID : 24717 - Type : FILE-IMAGE - Revision : 8
2014-01-10 Oracle Outside In JPEG COC parameter buffer overflow attempt
RuleID : 24716 - Type : FILE-IMAGE - Revision : 8
2014-01-10 Oracle Outside In JPEG COD parameter buffer overflow attempt
RuleID : 24715 - Type : FILE-IMAGE - Revision : 8
2014-01-10 Oracle Outside In JPEG COC parameter buffer overflow attempt
RuleID : 24714 - Type : FILE-IMAGE - Revision : 8
2014-01-10 Oracle Outside In JPEG COD parameter buffer overflow attempt
RuleID : 24713 - Type : FILE-IMAGE - Revision : 8
2014-01-10 Oracle Outside In JPEG COC parameter buffer overflow attempt
RuleID : 24712 - Type : FILE-IMAGE - Revision : 8
2014-01-10 Oracle Outside In JPEG COD parameter buffer overflow attempt
RuleID : 24711 - Type : FILE-IMAGE - Revision : 8

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ec39fe2c9c.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1417.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1389.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1583.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3253.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1163.nasl - Type: ACT_GATHER_INFO
2018-06-04 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e6df7fcf75.nasl - Type: ACT_GATHER_INFO
2017-07-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-844.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1916-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1901-1.nasl - Type: ACT_GATHER_INFO
2017-07-13 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1208.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201707-07.nasl - Type: ACT_GATHER_INFO
2017-06-16 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1094.nasl - Type: ACT_GATHER_INFO
2017-06-16 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1095.nasl - Type: ACT_GATHER_INFO
2017-06-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-836.nasl - Type: ACT_GATHER_INFO
2017-05-19 Name: The remote Fedora host is missing a security update.
File: fedora_2017-da0b00fd64.nasl - Type: ACT_GATHER_INFO
2017-05-19 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3295-1.nasl - Type: ACT_GATHER_INFO
2017-05-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-cfc20d5d45.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1208.nasl - Type: ACT_GATHER_INFO
2017-05-11 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2017-0102.nasl - Type: ACT_GATHER_INFO
2017-05-11 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170509_jasper_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1208.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1208.nasl - Type: ACT_GATHER_INFO
2017-04-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-920.nasl - Type: ACT_GATHER_INFO
2017-04-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-478.nasl - Type: ACT_GATHER_INFO