Search CVE reports


Toggle filters

11 – 20 of 112 results


CVE-2021-3467

Medium priority
Vulnerable

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the...

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2021-3443

Medium priority
Vulnerable

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper...

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2021-26927

Low priority
Vulnerable

A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2021-26926

Low priority
Vulnerable

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2021-3272

Low priority
Vulnerable

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2020-27828

Medium priority
Fixed

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or...

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Fixed
Show less packages

CVE-2015-8751

Medium priority
Not affected

Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.

3 affected packages

ghostscript, jasper, netpbm-free

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript
jasper
netpbm-free
Show less packages

CVE-2018-20622

Negligible priority
Vulnerable

JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2018-20584

Negligible priority
Vulnerable

JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2018-20570

Negligible priority
Vulnerable

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages