CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9055
https://notcve.org/view.php?id=CVE-2018-9055
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. JasPer 2.0.14 permite que se produzca una denegación de servicio (DoS) mediante una aserción accesible en la función jpc_firstone en libjasper/jpc/jpc_math.c. • http://www.securityfocus.com/bid/103577 https://github.com/mdadams/jasper/issues/172 https://security.gentoo.org/glsa/201908-03 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2016-9600 – jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
https://notcve.org/view.php?id=CVE-2016-9600
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. JasPer, en versiones anteriores a la 2.0.10, es vulnerable a una desreferencia de puntero NULL, tal y como se descubrió en la creación descifrada de archivos de imagen JPEG 2000. Un archivo especialmente manipulado podría provocar el cierre inesperado de una aplicación que esté utilizando JasPer. • https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1410026 https://usn.ubuntu.com/3693-1 https://access.redhat.com/security/cve/CVE-2016-9600 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14229
https://notcve.org/view.php?id=CVE-2017-14229
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. Existe un bucle infinito en la función jpc_dec_tileinit en jpc/jpc_dec.c en Jasper 2.0.13. Esto podría permitir que se realice un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100861 https://github.com/mdadams/jasper/issues/146 https://security.gentoo.org/glsa/201908-03 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-14132
https://notcve.org/view.php?id=CVE-2017-14132
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. JasPer versiones 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 permite a los atacantes remotos provocar una denegación de servicio (sobrelectura de búfer basado en montículos y fallo de aplicación) mediante una imagen manipulada relacionada con la función jas_image_ishomosamp en libjasper/base/jas_image.c • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html https://github.com/mdadams/jasper/issues/147 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2017-13746
https://notcve.org/view.php?id=CVE-2017-13746
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función jpc_dec_process_siz() en jpc/jpc_dec.c:1297 en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485286 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 • CWE-617: Reachable Assertion •