Page 2 of 96 results (0.005 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. Se encontró un fallo en jaspe versiones anteriores a 2.0.25. Se encontró un problema de lectura fuera de límites en la función jp2_decode que puede conllevar a una divulgación de información o un bloqueo del programa • https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b https://github.com/jasper-software/jasper/issues/264 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI https://access.redhat.com/security/cve • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. En la función jp2_decode en el archivo jp2/jp2_dec.c en libjasper en JasPer versión 2.0.24, presenta una lectura excesiva del búfer en la región heap de la memoria cuando existe una relación no válida entre el número de canales y el número de componentes de la imagen • https://github.com/jasper-software/jasper/issues/259 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BZFU2F6UW4L2FJE65WJLWGUIELDWCL7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD2Y2LT4N5ZWCMKYCUIKB3XODNJLOW3J https://access.redhat.com/security/cve/CVE-2021-3272 https://bugzilla.redhat.com/show_bug.cgi?id=1921325 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. Se presenta un fallo en el codificador jpc de jasper en versiones anteriores a 2.0.23. Una entrada diseñada proporcionada a jasper por un atacante podría causar una escritura arbitraria fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1905201 https://github.com/jasper-software/jasper/issues/252 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COBEVDBUO3QTNR6YQBBTIQKNIB6W3MJ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBZZ2SNTQ4BSA6PNJCTOAKXIAXYNNF6V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40l • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file. La función read_chunk en el archivo flif-dec.cpp en Free Lossless Image Format (FLIF) versión 0.3, permite a los atacantes remotos causar una denegación de servicio (lectura de memoria no válida y bloqueo de aplicación) por medio de un archivo flif diseñado. • https://cxsecurity.com/cveshow/CVE-2017-14232 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-399: Resource Management Errors •

CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0

JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. La versión 2.0.14 de JasPer tiene una fuga de memoria en base/jas_malloc.c en libjasper.a cuando se utiliza "--output-format jp2". • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html http://www.securityfocus.com/bid/106373 https://github.com/mdadams/jasper/issues/193 https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-772: Missing Release of Resource after Effective Lifetime •