U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:jasper_project:jasper:1.900.17:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 29 matching records.
Displaying matches 21 through 29.
Vuln ID Summary CVSS Severity
CVE-2016-10251

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.

Published: March 15, 2017; 10:59:00 AM -0400 		V3.0: 7.8 HIGH
 V2.0: 6.8 MEDIUM
CVE-2017-5504

The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

Published: March 01, 2017; 10:59:00 AM -0500 		V3.0: 5.5 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2017-5502

libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

Published: March 01, 2017; 10:59:00 AM -0500 		V3.0: 5.5 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2017-5501

Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.

Published: March 01, 2017; 10:59:00 AM -0500 		V3.0: 5.5 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2017-5500

libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

Published: March 01, 2017; 10:59:00 AM -0500 		V3.0: 5.5 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2017-5499

Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.

Published: March 01, 2017; 10:59:00 AM -0500 		V3.0: 5.5 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2017-5498

libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

Published: March 01, 2017; 10:59:00 AM -0500 		V3.0: 5.5 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2016-9560

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

Published: February 15, 2017; 2:59:01 PM -0500 		V3.1: 7.8 HIGH
 V2.0: 6.8 MEDIUM
CVE-2016-8690

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

Published: February 15, 2017; 2:59:00 PM -0500 		V3.0: 5.5 MEDIUM
 V2.0: 4.3 MEDIUM