U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 53 matching records.
Displaying matches 41 through 53.
Vuln ID Summary CVSS Severity
CVE-2016-1577

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.

Published: April 13, 2016; 10:59:08 AM -0400
V3.0: 7.6 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-2089

The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.

Published: February 08, 2016; 2:59:06 PM -0500
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1867

The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

Published: January 20, 2016; 11:59:02 AM -0500
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-8158

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

Published: January 26, 2015; 10:59:09 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-8157

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

Published: January 26, 2015; 10:59:04 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8138

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

Published: December 24, 2014; 1:59:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8137

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

Published: December 24, 2014; 1:59:01 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-9029

Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.

Published: December 08, 2014; 11:59:03 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-4517

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

Published: December 14, 2011; 10:57:34 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-4516

Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.

Published: December 14, 2011; 10:57:34 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-3522

Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

Published: October 02, 2008; 2:18:05 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-3521

Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.

Published: October 02, 2008; 2:18:05 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2008-3520

Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.

Published: October 02, 2008; 2:18:05 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH