Search CVE reports


Toggle filters

51 – 60 of 112 results


CVE-2017-1000050

Low priority

Some fixes available 2 of 3

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Fixed
Show less packages

CVE-2017-5529

Medium priority
Needs evaluation

JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library...

1 affected package

jasperreports

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasperreports Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2017-5528

Medium priority
Vulnerable

Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the...

1 affected package

jasperreports

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasperreports Not in release Not in release Not in release Not affected Vulnerable
Show less packages

CVE-2017-9782

Negligible priority

Some fixes available 1 of 2

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Fixed
Show less packages

CVE-2016-8884

Medium priority

Some fixes available 2 of 4

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this...

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Fixed
Show less packages

CVE-2016-9557

Low priority
Ignored

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Ignored
Show less packages

CVE-2016-9399

Negligible priority
Vulnerable

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2016-9398

Negligible priority
Vulnerable

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2016-9397

Negligible priority
Vulnerable

The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2016-9395

Negligible priority
Ignored

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

1 affected package

jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jasper Not in release Ignored
Show less packages