Jasper_project Jasper
101 CVEs affecting Jasper_project Jasper. Latest disclosed: 2025-08-11. Critical: 0, High: 36.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-8751 | High | 8.8 | 2020-02-17 | Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, relat… |
CVE-2018-19541 | High | 8.8 | 2018-11-26 | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.2… |
CVE-2018-19540 | High | 8.8 | 2018-11-26 | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.2… |
CVE-2023-51257 | High | 7.8 | 2024-01-16 | An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. |
CVE-2020-27828 | High | 7.8 | 2020-12-11 | There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds writ… |
CVE-2018-19543 | High | 7.8 | 2018-11-26 | An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. |
CVE-2016-8654 | High | 7.8 | 2018-08-01 | A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are… |
CVE-2016-9387 | High | 7.8 | 2017-03-23 | Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact vi… |
CVE-2016-8886 | High | 7.8 | 2017-03-23 | The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which t… |
CVE-2017-6852 | High | 7.8 | 2017-03-15 | Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted i… |
CVE-2016-10251 | High | 7.8 | 2017-03-15 | Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file… |
CVE-2016-10249 | High | 7.8 | 2017-03-15 | Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted ima… |
CVE-2016-9560 | High | 7.8 | 2017-02-15 | Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a… |
CVE-2016-8693 | High | 7.8 | 2017-02-15 | Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or p… |
CVE-2016-1577 | High | 7.6 | 2016-04-13 | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or… |
CVE-2022-2963 | High | 7.5 | 2022-10-14 | A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentat… |
CVE-2018-9154 | High | 7.5 | 2018-05-04 | There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack… |
CVE-2017-14229 | High | 7.5 | 2017-09-09 | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. |
CVE-2017-13752 | High | 7.5 | 2017-08-29 | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
CVE-2017-13751 | High | 7.5 | 2017-08-29 | There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |