Page 2 of 10 results (0.008 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. Se encontró un fallo en jaspe versiones anteriores a 2.0.25. Se encontró un problema de lectura fuera de límites en la función jp2_decode que puede conllevar a una divulgación de información o un bloqueo del programa • https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b https://github.com/jasper-software/jasper/issues/264 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI https://access.redhat.com/security/cve • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. Se presenta un fallo en el codificador jpc de jasper en versiones anteriores a 2.0.23. Una entrada diseñada proporcionada a jasper por un atacante podría causar una escritura arbitraria fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1905201 https://github.com/jasper-software/jasper/issues/252 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COBEVDBUO3QTNR6YQBBTIQKNIB6W3MJ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBZZ2SNTQ4BSA6PNJCTOAKXIAXYNNF6V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40l • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file. La función read_chunk en el archivo flif-dec.cpp en Free Lossless Image Format (FLIF) versión 0.3, permite a los atacantes remotos causar una denegación de servicio (lectura de memoria no válida y bloqueo de aplicación) por medio de un archivo flif diseñado. • https://cxsecurity.com/cveshow/CVE-2017-14232 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. Existe un bucle infinito en la función jpc_dec_tileinit en jpc/jpc_dec.c en Jasper 2.0.13. Esto podría permitir que se realice un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100861 https://github.com/mdadams/jasper/issues/146 https://security.gentoo.org/glsa/201908-03 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. JasPer versiones 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 permite a los atacantes remotos provocar una denegación de servicio (sobrelectura de búfer basado en montículos y fallo de aplicación) mediante una imagen manipulada relacionada con la función jas_image_ishomosamp en libjasper/base/jas_image.c • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html https://github.com/mdadams/jasper/issues/147 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security • CWE-125: Out-of-bounds Read •