CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2016-9583 – jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder
https://notcve.org/view.php?id=CVE-2016-9583
10 May 2017 — An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. Se ha detectado una vulnerabilidad de lectura de memoria dinámica (heap) fuera de límites en la función jpc_pi_nextpcrl() de jasper en versiones anteriores a la 2.0.6 al procesar entradas manipuladas. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. ... • http://www.securityfocus.com/bid/94925 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 3CVE-2016-8654 – jasper: heap-based buffer overflow in QMFB code in JPC codec
https://notcve.org/view.php?id=CVE-2016-8654
10 May 2017 — A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. Se ha descubierto una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el código QMFB en el codec JPC provocado porque el búfer se asigna con un tamaño demasiado pequeño. Se ha visto afectado jaster en versiones anteriores a la 2.0.0. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000... • http://www.securityfocus.com/bid/94583 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 1CVE-2016-9591 – jasper: use-after-free / double-free in JPC encoder
https://notcve.org/view.php?id=CVE-2016-9591
07 Apr 2017 — JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. JasPer, en versiones anteriores a la 2.0.12, es vulnerable a un uso de memoria previamente liberada en la forma en la que descifra ciertos archivos de imagen JPEG 2000. Esto resulta en un cierre inesperado de la aplicación que esté usando JasPer. A use-after-free flaw was found in the way JasPer, before version 2.0.12, decode certain JPEG 20... • http://www.securityfocus.com/bid/94952 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8884 – jasper: missing jas_matrix_create() parameter checks
https://notcve.org/view.php?id=CVE-2016-8884
28 Mar 2017 — The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. La función bmp_getdata en libjasper/bmp/bmp_dec.c en JasPer 1.900.5 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) llamando al comando imginfo con una imagen BMP manipulada. NOTA: ... • http://www.openwall.com/lists/oss-security/2016/10/23/1 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9557
https://notcve.org/view.php?id=CVE-2016-9557
23 Mar 2017 — Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file. Desbordamiento de entero en jas_image.c en JasPer en versiones anteriores a 1.900.25 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo manipulado. • http://www.openwall.com/lists/oss-security/2016/11/23/2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8887 – Ubuntu Security Notice USN-3693-1
https://notcve.org/view.php?id=CVE-2016-8887
23 Mar 2017 — The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). La función jp2_colr_destroy en libjasper/jp2/jp2_cod.c en JasPer en versiones anteriores a 1.900.10 permite a atacantes remotos provocar una denegación de servicio (referencia de puntero NULL). It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into op... • http://www.openwall.com/lists/oss-security/2016/10/23/3 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 14EXPL: 0CVE-2016-9398
https://notcve.org/view.php?id=CVE-2016-9398
23 Mar 2017 — The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. La función jpc_floorlog2 en jpc_math.c en JasPer en versiones anteriores a 1.900.17 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9392 – jasper: insufficient SIZ marker segment data sanity checks
https://notcve.org/view.php?id=CVE-2016-9392
23 Mar 2017 — The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. La función calcstepsizes en jpc_dec.c en JasPer en versiones anteriores a 1.900.17 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción) a través de un archivo manipulado. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into... • http://www.openwall.com/lists/oss-security/2016/11/17/1 • CWE-617: Reachable Assertion •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8885 – jasper: missing jas_matrix_create() parameter checks
https://notcve.org/view.php?id=CVE-2016-8885
23 Mar 2017 — The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. La función bmp_getdata en libjasper/bmp/bmp_dec.c en JasPer en versiones anteriores a 1.900.9 permite a atacantes remotos provocar una denegación de servicio (desreferencia de puntero null) llamando al comando imginfo con una imagen BMP manipulada. JasPer is an implementation of Part 1 of the JPEG... • http://www.openwall.com/lists/oss-security/2016/10/23/1 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8886
https://notcve.org/view.php?id=CVE-2016-8886
23 Mar 2017 — The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. La función The jas_malloc libjasper/base/jas_malloc.c en JasPer en versiones anteriores a 1.900.11 permite atacantes remotos tener impacto no especificado a través de un archivo manipulado, lo que desencadena un fallo en la asignación de memoria. • http://www.openwall.com/lists/oss-security/2016/10/23/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •