jasper project jasper
106 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-8837
<= 4.2.5
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec
5.3
MEDIUM
CVE-2025-8836
<= 4.2.5
A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasp
3.3
LOW
CVE-2025-8835
<= 4.2.5
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src
3.3
LOW
CVE-2023-51257
<= 4.1.1
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
7.8
HIGH
CVE-2022-2963
all versions
A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that c
7.5
HIGH
CVE-2022-40755
all versions
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.
5.5
MEDIUM
CVE-2021-27845
>= 2.0.0 and < 2.0.17
A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c
5.5
MEDIUM
CVE-2021-3467
< 2.0.26
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the
5.5
MEDIUM
CVE-2021-3443
< 2.0.27
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image f
5.5
MEDIUM
CVE-2021-26927
< 2.0.25
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and deni
5.5
MEDIUM
CVE-2021-26926
< 2.0.25
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function which may lead to disclosure
7.1
HIGH
CVE-2021-3272
all versions
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship
5.5
MEDIUM
CVE-2020-27828
< 2.0.23
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an
7.8
HIGH
CVE-2015-8751
< 1.900.4
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a c
8.8
HIGH
CVE-2017-14232
<= 2.0.16
The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of serv
5.5
MEDIUM
CVE-2018-20622
all versions
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
6.5
MEDIUM
CVE-2018-20584
all versions
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 forma
6.5
MEDIUM
CVE-2018-20570
all versions
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
6.5
MEDIUM
CVE-2018-19543
all versions
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper
7.8
HIGH
CVE-2018-19542
all versions
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.
6.5
MEDIUM
CVE-2018-19541
all versions
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17
8.8
HIGH
CVE-2018-19540
all versions
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17
8.8
HIGH
CVE-2018-19539
all versions
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_im
6.5
MEDIUM
CVE-2018-19139
all versions
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
5.5
MEDIUM
CVE-2018-18873
all versions
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
5.5
MEDIUM
CVE-2016-9583
< 2.0.6
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafte
5.5
MEDIUM
CVE-2016-8654
< 2.0.0
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jas
7.8
HIGH
CVE-2018-9154
all versions
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a rem
7.5
HIGH
CVE-2018-9252
all versions
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
6.5
MEDIUM
CVE-2018-9055
all versions
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.
5.5
MEDIUM
CVE-2016-9600
< 2.0.10
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image file
6.5
MEDIUM
CVE-2016-9591
< 2.0.12
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a
5.5
MEDIUM
CVE-2017-14229
all versions
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of s
7.5
HIGH
CVE-2017-14132
all versions
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900
6.5
MEDIUM
CVE-2017-13752
all versions
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote
7.5
HIGH
CVE-2017-13751
all versions
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote
7.5
HIGH
CVE-2017-13750
all versions
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead t
7.5
HIGH
CVE-2017-13749
all versions
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a rem
7.5
HIGH
CVE-2017-13748
all versions
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a
7.5
HIGH
CVE-2017-13747
all versions
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote
7.5
HIGH
CVE-2017-13746
all versions
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead t
7.5
HIGH
CVE-2017-13745
all versions
There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a r
7.5
HIGH
CVE-2015-5203
all versions
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of s
5.5
MEDIUM
CVE-2015-5221
<= 1.900.1
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.
5.5
MEDIUM
CVE-2017-1000050
all versions
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image conta
7.5
HIGH
CVE-2017-9782
all versions
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a craft
5.5
MEDIUM
CVE-2016-8884
all versions
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL p
5.5
MEDIUM
CVE-2016-9557
<= 1.900.24
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash)
5.5
MEDIUM
CVE-2016-9399
all versions
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure
7.5
HIGH
CVE-2016-9398
< 1.900.17
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion
7.5
HIGH
CVE-2016-9397
all versions
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failur
7.5
HIGH
CVE-2016-9396
<= 1.900.11
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC
7.5
HIGH
CVE-2016-9395
<= 1.900.24
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (asserti
5.5
MEDIUM
CVE-2016-9394
<= 1.900.16
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (asserti
5.5
MEDIUM
CVE-2016-9393
all versions
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assert
5.5
MEDIUM
CVE-2016-9392
<= 1.900.16
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion
5.5
MEDIUM
CVE-2016-9391
<= 2.0.6
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (asser
7.5
HIGH
CVE-2016-9390
<= 1.900.13
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (asserti
5.5
MEDIUM
CVE-2016-9389
<= 1.900.13
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (as
7.5
HIGH
CVE-2016-9388
< 1.900.14
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion fa
5.5
MEDIUM
CVE-2016-9387
<= 1.900.12
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers
7.8
HIGH
CVE-2016-9262
<= 1.900.21
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c i
5.5
MEDIUM
CVE-2016-8887
<= 1.900.9
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of se
5.5
MEDIUM
CVE-2016-8886
<= 1.900.10
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impac
7.8
HIGH
CVE-2016-8885
<= 1.900.8
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service
5.5
MEDIUM
CVE-2017-5505
all versions
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory r
5.5
MEDIUM
CVE-2017-6852
<= 2.0.9
Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspe
7.8
HIGH
CVE-2017-6851
<= 2.0.9
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read)
5.5
MEDIUM
CVE-2017-6850
<= 2.0.12
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL poin
5.5
MEDIUM
CVE-2016-10251
<= 1.900.19
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecif
7.8
HIGH
CVE-2016-10250
<= 1.900.12
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL po
7.5
HIGH
CVE-2016-10249
<= 1.900.11
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspeci
7.8
HIGH
CVE-2016-10248
<= 1.900.8
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL
7.5
HIGH
CVE-2017-5504
all versions
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (inva
5.5
MEDIUM
CVE-2017-5503
all versions
The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (inv
5.5
MEDIUM
CVE-2017-5502
all versions
libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left
5.5
MEDIUM
CVE-2017-5501
all versions
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a
5.5
MEDIUM
CVE-2017-5500
all versions
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left
5.5
MEDIUM
CVE-2017-5499
all versions
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a
5.5
MEDIUM
CVE-2017-5498
all versions
libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors in
5.5
MEDIUM
CVE-2016-9560
< 1.900.30
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to
7.8
HIGH
CVE-2016-8693
<= 1.900.5
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a d
7.8
HIGH
CVE-2016-8692
<= 1.900.3
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of
5.5
MEDIUM
CVE-2016-8691
<= 1.900.3
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of
5.5
MEDIUM
CVE-2016-8690
<= 1.900.29
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service
5.5
MEDIUM
CVE-2016-8883
<= 1.900.7
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assert
5.5
MEDIUM
CVE-2016-8882
<= 1.900.7
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of ser
5.5
MEDIUM
CVE-2016-2116
<= 1.900.1
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of s
5.7
MEDIUM
CVE-2016-1577
<= 1.900.1
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a
7.6
HIGH
CVE-2016-2089
all versions
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and
6.5
MEDIUM
CVE-2016-1867
all versions
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and applic
6.5
MEDIUM
CVE-2014-8158
<= 1.900.1
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of serv
CVE-2014-8157
<= 1.900.1
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of se
CVE-2014-8138
all versions
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of s
CVE-2014-8137
<= 1.900.1
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a
CVE-2014-9029
<= 1.900.1
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.9
CVE-2011-4517
all versions
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calcul
CVE-2011-4516
all versions
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attacker
CVE-2009-4770
all versions
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account,
CVE-2009-4769
all versions
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attacke
CVE-2009-4531
<= 1.4.4
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the
CVE-2009-3711
all versions
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to
CVE-2009-3663
all versions
Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a de
CVE-2008-3522
all versions
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent a
CVE-2008-3521
all versions
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a d
CVE-2008-3520
all versions
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin