CVE-2017-14232
https://notcve.org/view.php?id=CVE-2017-14232
The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.
• https://cxsecurity.com/cveshow/CVE-2017-14232
• https://www.oracle.com/security-alerts/cpuapr2020.html
• CWE-399: Resource Management Errors
CVE-2018-20622
https://notcve.org/view.php?id=CVE-2018-20622
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
• http://www.securityfocus.com/bid/106373
• https://github.com/mdadams/jasper/issues/193
• https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2018-20584
https://notcve.org/view.php?id=CVE-2018-20584
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
• http://www.securityfocus.com/bid/106356
• https://github.com/mdadams/jasper/issues/192
• https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
• https://security.gentoo.org/glsa/201908-03
• https://www.oracle.com/security-alerts/cpuapr2020.html
CVE-2018-20570
https://notcve.org/view.php?id=CVE-2018-20570
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
• https://github.com/mdadams/jasper/issues/191
• https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• CWE-125: Out-of-bounds Read
CVE-2018-19540
https://notcve.org/view.php?id=CVE-2018-19540
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00025.html
• https://github.com/mdadams/jasper/issues/182
• https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• CWE-787: Out-of-bounds Write