CVSS: 7.0EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9262 – jasper: integer truncation in jas_image_cmpt_create()
https://notcve.org/view.php?id=CVE-2016-9262
23 Mar 2017 — Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. Múltiples desbordamientos de entero en la función (1) jas_realloc en base/jas_malloc.c y función (2) mem_resize en base/jas_stream.c en JasPer en versiones anteriores a 1.900.22 permiten a atacantes remotos provocar una denegación de ser... • http://www.openwall.com/lists/oss-security/2016/11/10/4 • CWE-190: Integer Overflow or Wraparound CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2016-9389 – jasper: reachable assertions caused by insufficient component domains checks in ICT/RCT in JPC codec
https://notcve.org/view.php?id=CVE-2016-9389
23 Mar 2017 — The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). Las funciones jpc_irct y jpc_iict en jpc_mct.c en JasPer en versiones anteriores a 1.900.14 permiten a atacantes remotos provocar una denegación de servicio (fallo de aserción). It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image,... • http://www.openwall.com/lists/oss-security/2016/11/17/1 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2016-9396 – jasper: reachable assertion in JPC_NOMINALGAIN()
https://notcve.org/view.php?id=CVE-2016-9396
23 Mar 2017 — The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. La función JPC_NOMINALGAIN en jpc/jpc_t1cod.c en JasPer en la versión 2.0.12 permite a los atacantes remotos causar una denegación de servicio (fallo de aserción JPC_COX_RFT) mediante vectores no especificados. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated syst... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9390 – jasper: insufficient SIZ marker tilexoff and tileyoff checks
https://notcve.org/view.php?id=CVE-2016-9390
23 Mar 2017 — The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. La función jas_seq2d_create en jas_seq.c en JasPer en versiones anteriores a 1.900.14 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción) a través de un archivo de imagen manipulado. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using Ja... • http://www.openwall.com/lists/oss-security/2016/11/17/1 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9387 – jasper: integer overflow in jpc_dec_process_siz()
https://notcve.org/view.php?id=CVE-2016-9387
23 Mar 2017 — Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure. Desbordamiento de entero en la función jpc_dec_process_siz en libjasper/jpc/jpc_dec.c en JasPer en versiones anteriores a 1.900.13 permite a atacantes remotos tener un impacto no especificado a través de un archivo manipulado, lo que desencadena un fallo de aserción. It was discovered that JasPer ... • http://www.openwall.com/lists/oss-security/2016/11/17/1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9394 – jasper: insufficient SIZ marker segment data sanity checks
https://notcve.org/view.php?id=CVE-2016-9394
23 Mar 2017 — The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. La función jas_seq2d_create en jas_seq.c en JasPer en versiones anteriores a 1.900.17 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción) a través de un archivo manipulado. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricke... • http://www.openwall.com/lists/oss-security/2016/11/17/1 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2016-9398
https://notcve.org/view.php?id=CVE-2016-9398
23 Mar 2017 — The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. La función jpc_floorlog2 en jpc_math.c en JasPer en versiones anteriores a 1.900.17 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9557
https://notcve.org/view.php?id=CVE-2016-9557
23 Mar 2017 — Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file. Desbordamiento de entero en jas_image.c en JasPer en versiones anteriores a 1.900.25 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo manipulado. • http://www.openwall.com/lists/oss-security/2016/11/23/2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10250 – Ubuntu Security Notice USN-3693-1
https://notcve.org/view.php?id=CVE-2016-10250
15 Mar 2017 — The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887. La función jp2_colr_destroy en jp2_cod.c en JasPer en versiones anteriores a 1.900.13 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) aprovechando la limpieza incorrecta de datos de... • https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6851 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-6851
15 Mar 2017 — The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. La función jas_matrix_bindsub en jas_seq.c en JasPer 2.0.10 permite a atacantes remotos provocar una denegación de servicio (lectura no válida) a través de una imagen manipulada. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • https://blogs.gentoo.org/ago/2017/01/25/jasper-invalid-memory-read-in-jas_matrix_bindsub-jas_seq-c • CWE-125: Out-of-bounds Read •