CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 1CVE-2016-9591 – jasper: use-after-free / double-free in JPC encoder
https://notcve.org/view.php?id=CVE-2016-9591
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. JasPer, en versiones anteriores a la 2.0.12, es vulnerable a un uso de memoria previamente liberada en la forma en la que descifra ciertos archivos de imagen JPEG 2000. Esto resulta en un cierre inesperado de la aplicación que esté usando JasPer. A use-after-free flaw was found in the way JasPer, before version 2.0.12, decode certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. • http://www.securityfocus.com/bid/94952 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1406405 https://security.gentoo.org/glsa/201707-07 https://www.debian.org/security/2017/dsa-3827 https://access.redhat.com/security/cve/CVE-2016-9591 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9262 – jasper: integer truncation in jas_image_cmpt_create()
https://notcve.org/view.php?id=CVE-2016-9262
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. Múltiples desbordamientos de entero en la función (1) jas_realloc en base/jas_malloc.c y función (2) mem_resize en base/jas_stream.c en JasPer en versiones anteriores a 1.900.22 permiten a atacantes remotos provocar una denegación de servicio a través de una imagen manipulada, lo que desencadena vulnerabilidades de uso después de liberación. • http://www.openwall.com/lists/oss-security/2016/11/10/4 http://www.securityfocus.com/bid/94224 https://access.redhat.com/errata/RHSA-2017:1208 https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c https://bugzilla.redhat.com/show_bug.cgi?id=1393882 https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735 https://security.gentoo.org/glsa/201707-07 https://usn.ubuntu.com/3693-1 https://access.redhat.com/security/cv • CWE-190: Integer Overflow or Wraparound CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9388 – jasper: reachable assertions in RAS encoder/decoder
https://notcve.org/view.php?id=CVE-2016-9388
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. La función ras_getcmap de ras_dec.c en JasPer en versiones anteriores a 1.900.14 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción) a través de un archivo de imagen manipulado. • http://www.openwall.com/lists/oss-security/2016/11/17/1 http://www.securityfocus.com/bid/94371 https://access.redhat.com/errata/RHSA-2017:1208 https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure https://bugzilla.redhat.com/show_bug.cgi?id=1396962 https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823 https://usn.ubuntu.com/3693-1 https://access.redhat.com/security/cve/CVE-2016-9388 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9392 – jasper: insufficient SIZ marker segment data sanity checks
https://notcve.org/view.php?id=CVE-2016-9392
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. La función calcstepsizes en jpc_dec.c en JasPer en versiones anteriores a 1.900.17 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción) a través de un archivo manipulado. • http://www.openwall.com/lists/oss-security/2016/11/17/1 http://www.securityfocus.com/bid/94377 https://access.redhat.com/errata/RHSA-2017:1208 https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure https://bugzilla.redhat.com/show_bug.cgi?id=1396971 https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 https://usn.ubuntu.com/3693-1 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://access.redhat.com/security& • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9394 – jasper: insufficient SIZ marker segment data sanity checks
https://notcve.org/view.php?id=CVE-2016-9394
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. La función jas_seq2d_create en jas_seq.c en JasPer en versiones anteriores a 1.900.17 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción) a través de un archivo manipulado. • http://www.openwall.com/lists/oss-security/2016/11/17/1 http://www.securityfocus.com/bid/94372 https://access.redhat.com/errata/RHSA-2017:1208 https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure https://bugzilla.redhat.com/show_bug.cgi?id=1396975 https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 https://usn.ubuntu.com/3693-1 https://access.redhat.com/security/cve/CVE-2016-9394 https://bugzilla.redhat.com/show_bug.cgi?id=139 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •