Page 7 of 95 results (0.008 seconds)

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

CVE-2017-13745

https://notcve.org/view.php?id=CVE-2017-13745

There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. Es posible abortar aserciones alcanzables en la función jpc_dec_process_sot() en jpc/jpc_dec.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto desencadenando un valor de retorno jpc_ppmstabtostreams inesperado. Esta vulnerabilidad es diferente de CVE-2018-9154. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485274 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html • CWE-617: Reachable Assertion •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2017-13748

https://notcve.org/view.php?id=CVE-2017-13748

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. Existen muchas fugas de memoria en JasPer 2.0.12 que se desencadenan en la función jas_strdup() en base/jas_string.c que podría acabar en un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485287 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2017-1000050 – jasper: NULL pointer exception in jp2_encode()

https://notcve.org/view.php?id=CVE-2017-1000050

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. JasPer versión 2.0.12 es vulnerable a una excepción de puntero NULL en la función jp2_encode que falló al comprobar si la imagen contenía al menos un componente resultando en una denegación de servicio. • http://www.openwall.com/lists/oss-security/2017/03/06/1 http://www.securityfocus.com/bid/96595 https://access.redhat.com/errata/RHSA-2018:3253 https://access.redhat.com/errata/RHSA-2018:3505 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 https://usn.ubuntu.com • CWE-476: NULL Pointer Dereference •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2015-8751

https://notcve.org/view.php?id=CVE-2015-8751

Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. Un desbordamiento de enteros en la función jas_matrix_create en JasPer, permite a atacantes dependiendo del contexto tener un impacto no especificado por medio de una imagen JPEG 2000 diseñada, relacionada con la multiplicación de enteros para una asignación de memoria. • http://www.openwall.com/lists/oss-security/2016/01/07/10 http://www.openwall.com/lists/oss-security/2016/01/08/2 http://www.openwall.com/lists/oss-security/2016/01/11/3 http://www.securityfocus.com/bid/80035 https://bugzilla.redhat.com/show_bug.cgi?id=1294039 https://lists.apache.org/thread.html/re28d4c3c5b77138de47bf5b2ad04886d9104eb74ae3594e5f7254318%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rf15130c7b5f703664ce57a97934ffb8cc6065cbb1bf678dca8651519%40%3Cdev.tomcat.apache.org%3E • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9782

https://notcve.org/view.php?id=CVE-2017-9782

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c. JasPer versión 2.0.12, permite a los atacantes remotos causar una denegación de servicio (lectura excesiva de búfer en la región heap de la memoria y bloqueo de aplicación) por medio de una imagen creada, relacionada con la función jp2_decode en el archivo libjasper/jp2/jp2_dec.c. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html https://github.com/mdadams/jasper/issues/140 https://security.gentoo.org/glsa/201908-03 • CWE-125: Out-of-bounds Read •