Page 7 of 41 results (0.013 seconds)

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

CVE-2017-13745

https://notcve.org/view.php?id=CVE-2017-13745

There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. Es posible abortar aserciones alcanzables en la función jpc_dec_process_sot() en jpc/jpc_dec.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto desencadenando un valor de retorno jpc_ppmstabtostreams inesperado. Esta vulnerabilidad es diferente de CVE-2018-9154. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485274 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html • CWE-617: Reachable Assertion •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2017-13748

https://notcve.org/view.php?id=CVE-2017-13748

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. Existen muchas fugas de memoria en JasPer 2.0.12 que se desencadenan en la función jas_strdup() en base/jas_string.c que podría acabar en un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485287 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2017-1000050 – jasper: NULL pointer exception in jp2_encode()

https://notcve.org/view.php?id=CVE-2017-1000050

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. JasPer versión 2.0.12 es vulnerable a una excepción de puntero NULL en la función jp2_encode que falló al comprobar si la imagen contenía al menos un componente resultando en una denegación de servicio. • http://www.openwall.com/lists/oss-security/2017/03/06/1 http://www.securityfocus.com/bid/96595 https://access.redhat.com/errata/RHSA-2018:3253 https://access.redhat.com/errata/RHSA-2018:3505 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 https://usn.ubuntu.com • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9782

https://notcve.org/view.php?id=CVE-2017-9782

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c. JasPer versión 2.0.12, permite a los atacantes remotos causar una denegación de servicio (lectura excesiva de búfer en la región heap de la memoria y bloqueo de aplicación) por medio de una imagen creada, relacionada con la función jp2_decode en el archivo libjasper/jp2/jp2_dec.c. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html https://github.com/mdadams/jasper/issues/140 https://security.gentoo.org/glsa/201908-03 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 3

CVE-2016-8654 – jasper: heap-based buffer overflow in QMFB code in JPC codec

https://notcve.org/view.php?id=CVE-2016-8654

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. Se ha descubierto una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el código QMFB en el codec JPC provocado porque el búfer se asigna con un tamaño demasiado pequeño. Se ha visto afectado jaster en versiones anteriores a la 2.0.0. • http://www.securityfocus.com/bid/94583 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654 https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a https://github.com/mdadams/jasper/issues/93 https://github.com/mdadams/jasper/issues/94 https://www.debian.org/security/2017/dsa-3785 https://access.redhat.com/security/cve/CVE-2016-8654 https://bugzilla.redhat.com/show_bug.cgi?id=1399167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •