NotCVE - vendor:"Jasper Project" product:"Jasper" version:" <= 2.0.12"

Page 2 of 80 results (0.009 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-26926 – jasper: Out of bounds read in jp2_decode() in jp2_dec.c

https://notcve.org/view.php?id=CVE-2021-26926

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. Se encontró un fallo en jaspe versiones anteriores a 2.0.25. Se encontró un problema de lectura fuera de límites en la función jp2_decode que puede conllevar a una divulgación de información o un bloqueo del programa • https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b https://github.com/jasper-software/jasper/issues/264 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI https://access.redhat.com/security/cve • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2020-27828 – jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c

https://notcve.org/view.php?id=CVE-2020-27828

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. Se presenta un fallo en el codificador jpc de jasper en versiones anteriores a 2.0.23. Una entrada diseñada proporcionada a jasper por un atacante podría causar una escritura arbitraria fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1905201 https://github.com/jasper-software/jasper/issues/252 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COBEVDBUO3QTNR6YQBBTIQKNIB6W3MJ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBZZ2SNTQ4BSA6PNJCTOAKXIAXYNNF6V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40l • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-14232

https://notcve.org/view.php?id=CVE-2017-14232

The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file. La función read_chunk en el archivo flif-dec.cpp en Free Lossless Image Format (FLIF) versión 0.3, permite a los atacantes remotos causar una denegación de servicio (lectura de memoria no válida y bloqueo de aplicación) por medio de un archivo flif diseñado. • https://cxsecurity.com/cveshow/CVE-2017-14232 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-399: Resource Management Errors •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

CVE-2016-9600 – jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_

https://notcve.org/view.php?id=CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. JasPer, en versiones anteriores a la 2.0.10, es vulnerable a una desreferencia de puntero NULL, tal y como se descubrió en la creación descifrada de archivos de imagen JPEG 2000. Un archivo especialmente manipulado podría provocar el cierre inesperado de una aplicación que esté utilizando JasPer. • https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1410026 https://usn.ubuntu.com/3693-1 https://access.redhat.com/security/cve/CVE-2016-9600 • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2017-13748

https://notcve.org/view.php?id=CVE-2017-13748

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. Existen muchas fugas de memoria en JasPer 2.0.12 que se desencadenan en la función jas_strdup() en base/jas_string.c que podría acabar en un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485287 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 • CWE-772: Missing Release of Resource after Effective Lifetime •

1 2 3 4 5