
CVE-2017-5499 – HID ActivID ActivClient 7.1.0.202 Denial of Service
https://notcve.org/view.php?id=CVE-2017-5499
01 Mar 2017 — Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. HID ActivID ActivClient version 7.1.0.202 appears to include the JasPer library for parsing JPEG 2000 facial images that may be present on PIV cards. It suffers from multiple denial of servi... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-190: Integer Overflow or Wraparound

CVE-2017-5500 – HID ActivID ActivClient 7.1.0.202 Denial of Service
https://notcve.org/view.php?id=CVE-2017-5500
01 Mar 2017 — libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. HID ActivID ActivClient version 7.1.0.202 appears to include the JasPer library for parsing JPEG 2000 facial images that may be present on PIV cards. It ... • http://www.securityfocus.com/bid/95666

CVE-2017-5501
https://notcve.org/view.php?id=CVE-2017-5501
01 Mar 2017 — Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. • http://www.securityfocus.com/bid/95666 • CWE-190: Integer Overflow or Wraparound

CVE-2017-5502 – HID ActivID ActivClient 7.1.0.202 Denial of Service
https://notcve.org/view.php?id=CVE-2017-5502
01 Mar 2017 — libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. HID ActivID ActivClient version 7.1.0.202 appears to include the JasPer library for parsing JPEG 2000 facial images that may be present on PIV cards. It ... • http://www.securityfocus.com/bid/95666

CVE-2017-5504 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-5504
01 Mar 2017 — The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have other unspecified impact via a crafted image. Multiple vulnerabilities have been found in JasPer, the worst of which could ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-125: Out-of-bounds Read

CVE-2016-8690 – jasper: missing jas_matrix_create() parameter checks
https://notcve.org/view.php?id=CVE-2016-8690
15 Feb 2017 — The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. JasPer is an implementation of Part 1 of the JPEG 2000 image ... • http://www.openwall.com/lists/oss-security/2016/08/23/6 • CWE-20: Improper Input Validation • CWE-476: NULL Pointer Dereference

CVE-2016-8691 – jasper: missing SIZ marker segment XRsiz and YRsiz fields range check
https://notcve.org/view.php?id=CVE-2016-8691
15 Feb 2017 — The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. • http://www.debian.org/security/2017/dsa-3785 • CWE-369: Divide By Zero

CVE-2016-8692 – jasper: missing SIZ marker segment XRsiz and YRsiz fields range check
https://notcve.org/view.php?id=CVE-2016-8692
15 Feb 2017 — The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. • http://www.debian.org/security/2017/dsa-3785 • CWE-369: Divide By Zero

CVE-2016-8693 – jasper: incorrect handling of bufsize 0 in mem_resize()
https://notcve.org/view.php?id=CVE-2016-8693
15 Feb 2017 — Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html • CWE-415: Double Free • CWE-416: Use After Free

CVE-2016-9560 – jasper: stack-based buffer overflow in jpc_dec_tileinit()
https://notcve.org/view.php?id=CVE-2016-9560
15 Feb 2017 — Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or au... • http://www.debian.org/security/2017/dsa-3785 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write