← Back

Jasper Project

jasper_project

101 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Jasper
jasper
101 CVEs

CVEs (101)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-9560
3Debian
Jasper ProjectRedhat
8Debian Linux
Enterprise Linux DesktopEnterprise Linux Eus+5 more
May 13, 2026
Feb 15, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
CVE-2016-8693
3Fedoraproject
Jasper ProjectOpensuse
3Fedora
JasperOpensuse
May 13, 2026
Feb 15, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the...Show more
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.Show less
CVE-2016-8692
3Debian
FedoraprojectJasper Project
3Debian Linux
FedoraJasper
May 13, 2026
Feb 15, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP im...Show more
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.Show less
CVE-2016-8691
3Debian
FedoraprojectJasper Project
3Debian Linux
FedoraJasper
May 13, 2026
Feb 15, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP im...Show more
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.Show less
CVE-2016-8690
2Fedoraproject
Jasper Project
2Fedora
Jasper
May 13, 2026
Feb 15, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
CVE-2016-8883
1Jasper Project
1Jasper
May 13, 2026
Jan 13, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-8882
1Jasper Project
1Jasper
May 13, 2026
Jan 13, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2016-2116
2Canonical
Jasper Project
2Jasper
Ubuntu Linux
May 6, 2026
Apr 13, 2016
N/A· v4
5.7 MEDIUM· v3
4.3 MEDIUM· v2
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2016-1577
2Canonical
Jasper Project
2Jasper
Ubuntu Linux
May 6, 2026
Apr 13, 2016
N/A· v4
7.6 HIGH· v3
6.8 MEDIUM· v2
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profi...Show more
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.Show less
CVE-2016-2089
1Jasper Project
1Jasper
May 6, 2026
Feb 8, 2016
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
CVE-2016-1867
1Jasper Project
1Jasper
May 6, 2026
Jan 20, 2016
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
CVE-2014-8158
4Debian
Jasper ProjectOpensuse+1 more
4Debian Linux
Enterprise LinuxJasper+1 more
May 6, 2026
Jan 26, 2015
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
CVE-2014-8157
4Debian
Jasper ProjectOpensuse+1 more
4Debian Linux
Enterprise LinuxJasper+1 more
May 6, 2026
Jan 26, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which trig...Show more
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.Show less
CVE-2014-8138
2Jasper Project
Redhat
2Enterprise Linux
Jasper
May 6, 2026
Dec 24, 2014
N/A· v4
N/A· v3
7.5 HIGH· v2
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
CVE-2014-8137
2Jasper Project
Redhat
2Enterprise Linux
Jasper
May 6, 2026
Dec 24, 2014
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profi...Show more
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.Show less
CVE-2014-9029
1Jasper Project
1Jasper
May 6, 2026
Dec 8, 2014
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file,...Show more
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.Show less
CVE-2011-4517
7Canonical
DebianFedoraproject+4 more
9Debian Linux
Enterprise Linux DesktopFedora+6 more
Apr 29, 2026
Dec 15, 2011
N/A· v4
N/A· v3
6.8 MEDIUM· v2
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute a...Show more
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.Show less
CVE-2011-4516
6Canonical
DebianFedoraproject+3 more
8Debian Linux
FedoraJasper+5 more
Apr 29, 2026
Dec 15, 2011
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted...Show more
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.Show less
CVE-2008-3522
2Jasper Project
Redhat
2Enterprise Virtualization
Jasper
Apr 23, 2026
Oct 2, 2008
N/A· v4
N/A· v3
10.0 HIGH· v2
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use...Show more
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.Show less
CVE-2008-3521
1Jasper Project
1Jasper
Apr 23, 2026
Oct 2, 2008
N/A· v4
N/A· v3
7.2 HIGH· v2
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file,...Show more
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.Show less