CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2017-13749 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-13749
29 Aug 2017 — There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función jpc_pi_nextrpcl() en jpc_t2cod.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • http://www.securityfocus.com/bid/100514 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2017-13750 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-13750
29 Aug 2017 — There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función jpc_dec_process_siz() en jpc/jpc_dec.c:1296 en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • http://www.securityfocus.com/bid/100514 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2017-13751 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-13751
29 Aug 2017 — There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función calcstepsizes() en jpc/jpc_dec.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • http://www.securityfocus.com/bid/100514 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2017-13752 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-13752
29 Aug 2017 — There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función jpc_dequantize() en jpc/jpc_dec.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • http://www.securityfocus.com/bid/100514 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 1CVE-2017-13748 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-13748
29 Aug 2017 — There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. Existen muchas fugas de memoria en JasPer 2.0.12 que se desencadenan en la función jas_strdup() en base/jas_string.c que podría acabar en un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affecte... • http://www.securityfocus.com/bid/100514 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2017-1000050 – jasper: NULL pointer exception in jp2_encode()
https://notcve.org/view.php?id=CVE-2017-1000050
13 Jul 2017 — JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. JasPer versión 2.0.12 es vulnerable a una excepción de puntero NULL en la función jp2_encode que falló al comprobar si la imagen contenía al menos un componente resultando en una denegación de servicio. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated sys... • http://www.openwall.com/lists/oss-security/2017/03/06/1 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2015-8751 – Gentoo Linux Security Advisory 201707-07
https://notcve.org/view.php?id=CVE-2015-8751
09 Jul 2017 — Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. Un desbordamiento de enteros en la función jas_matrix_create en JasPer, permite a atacantes dependiendo del contexto tener un impacto no especificado por medio de una imagen JPEG 2000 diseñada, relacionada con la multiplicación de enteros para una asignación de memoria. Multiple vulnerabilities have ... • http://www.openwall.com/lists/oss-security/2016/01/07/10 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9782 – Ubuntu Security Notice USN-4688-1
https://notcve.org/view.php?id=CVE-2017-9782
21 Jun 2017 — JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c. JasPer versión 2.0.12, permite a los atacantes remotos causar una denegación de servicio (lectura excesiva de búfer en la región heap de la memoria y bloqueo de aplicación) por medio de una imagen creada, relacionada con la función jp2_decode en el archivo libjasper/jp2/jp2_dec.c. An update that fixes 14 vul... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2016-9583 – jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder
https://notcve.org/view.php?id=CVE-2016-9583
10 May 2017 — An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. Se ha detectado una vulnerabilidad de lectura de memoria dinámica (heap) fuera de límites en la función jpc_pi_nextpcrl() de jasper en versiones anteriores a la 2.0.6 al procesar entradas manipuladas. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. ... • http://www.securityfocus.com/bid/94925 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2016-9600 – jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
https://notcve.org/view.php?id=CVE-2016-9600
10 May 2017 — JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. JasPer, en versiones anteriores a la 2.0.10, es vulnerable a una desreferencia de puntero NULL, tal y como se descubrió en la creación descifrada de archivos de imagen JPEG 2000. Un archivo especialmente manipulado podría provocar el cierre inesperado de una aplicación que esté utilizando JasPer. It was... • https://access.redhat.com/errata/RHSA-2017:1208 • CWE-476: NULL Pointer Dereference •