CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27828 – jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c
https://notcve.org/view.php?id=CVE-2020-27828
11 Dec 2020 — There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. Se presenta un fallo en el codificador jpc de jasper en versiones anteriores a 2.0.23. Una entrada diseñada proporcionada a jasper por un atacante podría causar una escritura arbitraria fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1905201 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14232 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-14232
09 Aug 2019 — The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file. La función read_chunk en el archivo flif-dec.cpp en Free Lossless Image Format (FLIF) versión 0.3, permite a los atacantes remotos causar una denegación de servicio (lectura de memoria no válida y bloqueo de aplicación) por medio de un archivo flif diseñado. Multiple vulnerabilities have been found in JasPer... • https://cxsecurity.com/cveshow/CVE-2017-14232 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-20622
https://notcve.org/view.php?id=CVE-2018-20622
31 Dec 2018 — JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. La versión 2.0.14 de JasPer tiene una fuga de memoria en base/jas_malloc.c en libjasper.a cuando se utiliza "--output-format jp2". • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-20584 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2018-20584
30 Dec 2018 — JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. JasPer 2.0.14 permite que los atacantes remotos provoquen una denegación de servicio (bloqueo de la aplicación) mediante un intento de conversión al formato jp2. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • http://www.securityfocus.com/bid/106356 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-20570
https://notcve.org/view.php?id=CVE-2018-20570
28 Dec 2018 — jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. jp2_encode en jp2/jp2_enc.c en JasPer 2.0.14 tiene una sobrelectura de búfer basada en memoria dinámica (heap). • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 1CVE-2018-19539
https://notcve.org/view.php?id=CVE-2018-19539
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una violación de acceso en la función jas_image_readcmpt en libjasper/base/jas_image.c, provocando una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-617: Reachable Assertion •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2018-19540
https://notcve.org/view.php?id=CVE-2018-19540
26 Nov 2018 — An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-19541
https://notcve.org/view.php?id=CVE-2018-19541
26 Nov 2018 — An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 1CVE-2018-19542 – Ubuntu Security Notice USN-4688-1
https://notcve.org/view.php?id=CVE-2018-19542
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una desreferencia de puntero NULL en la función jp2_decode en libjasper/jp2/jp2_dec.c, provocando una denegación de servicio (DoS). It was discovered that Jasper incorrectly certain files. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-19543
https://notcve.org/view.php?id=CVE-2018-19543
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. Se ha descubierto un problema en JasPer 2.0.14. Existe un desbordamiento de búfer basado en memoria dinámica (heap) del tamaño 8 en la función jp2_decode in libjasper/jp2/jp2_dec.c. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-125: Out-of-bounds Read •