Jasper Project

Jasper

102 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2017-5504

Exploit
  • EPSS 0.46%
  • Veröffentlicht 01.03.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

7.8

CVE-2016-9560

Exploit
  • EPSS 0.4%
  • Veröffentlicht 15.02.2017 19:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

5.5

CVE-2016-8690

Exploit
  • EPSS 0.42%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

5.5

CVE-2016-8691

Exploit
  • EPSS 0.47%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

5.5

CVE-2016-8692

Exploit
  • EPSS 0.47%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.

7.8

CVE-2016-8693

Exploit
  • EPSS 0.61%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

5.5

CVE-2016-8882

  • EPSS 0.24%
  • Veröffentlicht 13.01.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

5.5

CVE-2016-8883

  • EPSS 0.38%
  • Veröffentlicht 13.01.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

5.7

CVE-2016-2116

  • EPSS 7.34%
  • Veröffentlicht 13.04.2016 14:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.

7.6

CVE-2016-1577

  • EPSS 7.73%
  • Veröffentlicht 13.04.2016 14:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, ...