Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jasper
(Jasper_project)| Repositories | https://github.com/mdadams/jasper |
| #Vulnerabilities | 100 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-03-01 | CVE-2017-5502 | libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | Jasper | 5.5 | ||
| 2017-03-01 | CVE-2017-5500 | libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | Jasper | 5.5 | ||
| 2017-03-01 | CVE-2017-5498 | libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | Jasper | 5.5 | ||
| 2017-09-09 | CVE-2017-14229 | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | Jasper | 7.5 | ||
| 2018-05-04 | CVE-2018-9154 | There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. | Jasper | 7.5 | ||
| 2018-03-27 | CVE-2018-9055 | JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. | Jasper | 5.5 | ||
| 2017-06-21 | CVE-2017-9782 | JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c. | Jasper | 5.5 | ||
| 2017-03-15 | CVE-2017-6852 | Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image. | Jasper | 7.8 | ||
| 2017-03-15 | CVE-2017-6851 | The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. | Jasper | 5.5 | ||
| 2018-11-26 | CVE-2018-19542 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. | Ubuntu_linux, Debian_linux, Jasper, Leap, Linux_enterprise_desktop, Linux_enterprise_server | 6.5 |