CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 1CVE-2017-13748 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-13748
29 Aug 2017 — There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. Existen muchas fugas de memoria en JasPer 2.0.12 que se desencadenan en la función jas_strdup() en base/jas_string.c que podría acabar en un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affecte... • http://www.securityfocus.com/bid/100514 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2017-13749 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-13749
29 Aug 2017 — There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función jpc_pi_nextrpcl() en jpc_t2cod.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • http://www.securityfocus.com/bid/100514 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2017-13750 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-13750
29 Aug 2017 — There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función jpc_dec_process_siz() en jpc/jpc_dec.c:1296 en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • http://www.securityfocus.com/bid/100514 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2017-13751 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-13751
29 Aug 2017 — There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función calcstepsizes() en jpc/jpc_dec.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • http://www.securityfocus.com/bid/100514 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2017-13752 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-13752
29 Aug 2017 — There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función jpc_dequantize() en jpc/jpc_dec.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • http://www.securityfocus.com/bid/100514 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2017-1000050 – jasper: NULL pointer exception in jp2_encode()
https://notcve.org/view.php?id=CVE-2017-1000050
13 Jul 2017 — JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. JasPer versión 2.0.12 es vulnerable a una excepción de puntero NULL en la función jp2_encode que falló al comprobar si la imagen contenía al menos un componente resultando en una denegación de servicio. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated sys... • http://www.openwall.com/lists/oss-security/2017/03/06/1 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2CVE-2015-8751 – Gentoo Linux Security Advisory 201707-07
https://notcve.org/view.php?id=CVE-2015-8751
09 Jul 2017 — Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. Un desbordamiento de enteros en la función jas_matrix_create en JasPer, permite a atacantes dependiendo del contexto tener un impacto no especificado por medio de una imagen JPEG 2000 diseñada, relacionada con la multiplicación de enteros para una asignación de memoria. Multiple vulnerabilities have ... • http://www.openwall.com/lists/oss-security/2016/01/07/10 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9782 – Ubuntu Security Notice USN-4688-1
https://notcve.org/view.php?id=CVE-2017-9782
21 Jun 2017 — JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c. JasPer versión 2.0.12, permite a los atacantes remotos causar una denegación de servicio (lectura excesiva de búfer en la región heap de la memoria y bloqueo de aplicación) por medio de una imagen creada, relacionada con la función jp2_decode en el archivo libjasper/jp2/jp2_dec.c. It was discovered that Jasp... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 3CVE-2016-8654 – jasper: heap-based buffer overflow in QMFB code in JPC codec
https://notcve.org/view.php?id=CVE-2016-8654
10 May 2017 — A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. Se ha descubierto una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el código QMFB en el codec JPC provocado porque el búfer se asigna con un tamaño demasiado pequeño. Se ha visto afectado jaster en versiones anteriores a la 2.0.0. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000... • http://www.securityfocus.com/bid/94583 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2015-5203 – jasper: integer overflow in jas_image_cmpt_create()
https://notcve.org/view.php?id=CVE-2015-5203
10 May 2017 — Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Una vulnerabilidad de liberación doble (double free) en la función jasper_image_stop_load en JasPer 1.900.17 permite que atacantes remotos provoquen una denegación de servicio utilizando un archivo de imagen JPEG 2000 manipulado. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user ... • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html • CWE-190: Integer Overflow or Wraparound CWE-415: Double Free •