CVE-2018-19539
https://notcve.org/view.php?id=CVE-2018-19539
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una violación de acceso en la función jas_image_readcmpt en libjasper/base/jas_image.c, provocando una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html https://github.com/mdadams/jasper/issues/182 https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-617: Reachable Assertion •
CVE-2018-19139
https://notcve.org/view.php?id=CVE-2018-19139
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. Se ha detectado un problema en JasPer 2.0.14. Hay una fuga de memoria en jas_malloc.c cuando se le llama desde jpc_unk_getparms en jpc_cs.c. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html http://www.securityfocus.com/bid/105956 https://github.com/mdadams/jasper/issues/188 https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-18873
https://notcve.org/view.php?id=CVE-2018-18873
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. Se ha descubierto un problema en JasPer 2.0.14. Hay una desreferencia de puntero NULL en la función ras_putdatastd en ras/ras_enc.c. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html https://github.com/mdadams/jasper/issues/184 https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html https://security.gentoo.org/glsa/201908-03 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-476: NULL Pointer Dereference •
CVE-2018-9154
https://notcve.org/view.php?id=CVE-2018-9154
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. Se presenta un aborto alcanzable en la función jpc_dec_process_sot en el archivo libjasper/jpc/jpc_dec.c de JasPer versión 2.0.14, que permitirá a un ataque remoto de Denegación de Servicio (DoS) al desencadenar un valor de retorno inesperado jas_alloc2, una vulnerabilidad diferente a CVE-2017-13745. • https://drive.google.com/drive/u/2/folders/1YuxdfbZrw79kfzoQz0PpxIutZ7pkf_kW https://security.gentoo.org/glsa/201908-03 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-20: Improper Input Validation •
CVE-2018-9252
https://notcve.org/view.php?id=CVE-2018-9252
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. JasPer 2.0.14 permite una denegación de servicio (DoS) mediante una aserción alcanzable en la función jpc_abstorelstepsize en libjasper/jpc/jpc_enc.c. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html https://github.com/mdadams/jasper/issues/173 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-617: Reachable Assertion •