CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 3CVE-2016-8654 – jasper: heap-based buffer overflow in QMFB code in JPC codec
https://notcve.org/view.php?id=CVE-2016-8654
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. Se ha descubierto una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el código QMFB en el codec JPC provocado porque el búfer se asigna con un tamaño demasiado pequeño. Se ha visto afectado jaster en versiones anteriores a la 2.0.0. • http://www.securityfocus.com/bid/94583 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654 https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a https://github.com/mdadams/jasper/issues/93 https://github.com/mdadams/jasper/issues/94 https://www.debian.org/security/2017/dsa-3785 https://access.redhat.com/security/cve/CVE-2016-8654 https://bugzilla.redhat.com/show_bug.cgi?id=1399167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2016-9583 – jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder
https://notcve.org/view.php?id=CVE-2016-9583
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. Se ha detectado una vulnerabilidad de lectura de memoria dinámica (heap) fuera de límites en la función jpc_pi_nextpcrl() de jasper en versiones anteriores a la 2.0.6 al procesar entradas manipuladas. • http://www.securityfocus.com/bid/94925 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583 https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7d https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3d https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://access.redhat.com/security/cve/CVE-2016-9583 https://bugzilla.redhat.com/show_bug.cgi?id=1405148 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 1CVE-2016-9591 – jasper: use-after-free / double-free in JPC encoder
https://notcve.org/view.php?id=CVE-2016-9591
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. JasPer, en versiones anteriores a la 2.0.12, es vulnerable a un uso de memoria previamente liberada en la forma en la que descifra ciertos archivos de imagen JPEG 2000. Esto resulta en un cierre inesperado de la aplicación que esté usando JasPer. A use-after-free flaw was found in the way JasPer, before version 2.0.12, decode certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. • http://www.securityfocus.com/bid/94952 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1406405 https://security.gentoo.org/glsa/201707-07 https://www.debian.org/security/2017/dsa-3827 https://access.redhat.com/security/cve/CVE-2016-9591 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2016-9389 – jasper: reachable assertions caused by insufficient component domains checks in ICT/RCT in JPC codec
https://notcve.org/view.php?id=CVE-2016-9389
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). Las funciones jpc_irct y jpc_iict en jpc_mct.c en JasPer en versiones anteriores a 1.900.14 permiten a atacantes remotos provocar una denegación de servicio (fallo de aserción). • http://www.openwall.com/lists/oss-security/2016/11/17/1 http://www.securityfocus.com/bid/94371 https://access.redhat.com/errata/RHSA-2017:1208 https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure https://bugzilla.redhat.com/show_bug.cgi?id=1396963 https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba https://usn.ubuntu.com/3693-1 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://access.redhat.com/security& • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2016-9396 – jasper: reachable assertion in JPC_NOMINALGAIN()
https://notcve.org/view.php?id=CVE-2016-9396
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. La función JPC_NOMINALGAIN en jpc/jpc_t1cod.c en JasPer en la versión 2.0.12 permite a los atacantes remotos causar una denegación de servicio (fallo de aserción JPC_COX_RFT) mediante vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html http://www.openwall.com/lists/oss-security/2016/11/17/1 http://www.securityfocus.com/bid/94379 https://access.redhat.com/errata/RHSA-2018:3253 https://access.redhat.com/errata/RHSA-2018:3505 https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure https://bugzilla.redhat.com/show_bug.cgi?id=1396978 https://bugzilla.redhat.com/show_bug.cgi?id=1485272 https://lists.fedoraproject.org/ • CWE-617: Reachable Assertion •