
CVE-2016-10248 – jasper: NULL pointer dereference in jpc_tsfb_synthesize()
https://notcve.org/view.php?id=CVE-2016-10248
15 Mar 2017 — The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image... • http://www.securityfocus.com/bid/93797 • CWE-476: NULL Pointer Dereference •

CVE-2016-10249 – jasper: integer overflow in jas_matrix_create()
https://notcve.org/view.php?id=CVE-2016-10249
15 Mar 2017 — Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow. It ... • http://www.debian.org/security/2017/dsa-3827 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVE-2016-10250 – Ubuntu Security Notice USN-3693-1
https://notcve.org/view.php?id=CVE-2016-10250
15 Mar 2017 — The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887. • https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887 • CWE-476: NULL Pointer Dereference •

CVE-2016-10251 – jasper: integer overflow in jpc_pi_nextcprl(), leading to out-of-bounds read
https://notcve.org/view.php?id=CVE-2016-10251
15 Mar 2017 — Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value. It was discovered that JasPer incorrectly ... • http://www.debian.org/security/2017/dsa-3827 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVE-2017-6850 – Ubuntu Security Notice USN-3693-1
https://notcve.org/view.php?id=CVE-2017-6850
15 Mar 2017 — The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer... • https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c • CWE-476: NULL Pointer Dereference •

CVE-2017-6851 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-6851
15 Mar 2017 — The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • https://blogs.gentoo.org/ago/2017/01/25/jasper-invalid-memory-read-in-jas_matrix_bindsub-jas_seq-c • CWE-125: Out-of-bounds Read •

CVE-2017-6852 – Gentoo Linux Security Advisory 201908-03
https://notcve.org/view.php?id=CVE-2017-6852
15 Mar 2017 — Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than... • https://blogs.gentoo.org/ago/2017/01/25/jasper-heap-based-buffer-overflow-in-jpc_dec_decodepkt-jpc_t2dec-c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-5498
https://notcve.org/view.php?id=CVE-2017-5498
01 Mar 2017 — libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. • http://www.securityfocus.com/bid/95666 •

CVE-2017-5499 – HID ActivID ActivClient 7.1.0.202 Denial of Service
https://notcve.org/view.php?id=CVE-2017-5499
01 Mar 2017 — Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. HID ActivID ActivClient version 7.1.0.202 appears to include the JasPer library for parsing JPEG 2000 facial images that may be present on PIV cards. It suffers from multiple denial of servi... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-190: Integer Overflow or Wraparound •

CVE-2017-5500 – HID ActivID ActivClient 7.1.0.202 Denial of Service
https://notcve.org/view.php?id=CVE-2017-5500
01 Mar 2017 — libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. HID ActivID ActivClient version 7.1.0.202 appears to include the JasPer library for parsing JPEG 2000 facial images that may be present on PIV cards. It ... • http://www.securityfocus.com/bid/95666 •