CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51257 – SUSE Security Advisory - SUSE-SU-2024:0241-1
https://notcve.org/view.php?id=CVE-2023-51257
16 Jan 2024 — An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. Un problema de escritura en memoria no válida en Jasper-Software Jasper v.4.1.1 y anteriores permite a un atacante local ejecutar código arbitrario. This update for jasper fixes the following issues. Fixed an out of bounds write in the JPC encoder. • https://github.com/jasper-software/jasper/issues/367 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-2963 – SUSE Security Advisory - SUSE-SU-2022:3673-1
https://notcve.org/view.php?id=CVE-2022-2963
14 Oct 2022 — A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. Una vulnerabilidad encontrada en jasper. Esta vulnerabilidad de seguridad es producida debido a un fallo de filtrad de memoria en la función cmdopts_parse que puede causar un fallo o una falla de segmentación An update that fixes one vulnerability is now available. This update for jasper fixes the following issues. • https://access.redhat.com/security/cve/CVE-2022-2963 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40755
https://notcve.org/view.php?id=CVE-2022-40755
16 Sep 2022 — JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. JasPer versión 3.0.6, permite la denegación de servicio por medio de una aserción alcanzable en la función inttobits en el archivo libjasper/base/jas_image.c • https://github.com/jasper-software/jasper/issues/338 • CWE-617: Reachable Assertion •