Michael Adams

30 exploits Active since Sep 2006
CVE-2016-9583 WRITEUP MEDIUM WRITEUP
Redhat Enterprise Linux Desktop < 2.0.6 - Integer Overflow
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
CVSS 5.5
CVE-2016-8654 WRITEUP HIGH WRITEUP
jasper < 2.0.0 - Heap-Based Buffer Overflow in QMFB JPC Codec
A heap-buffer overflow vulnerability was found in the QMFB code in the JPC codec, caused by a buffer being allocated with too small a size. jasper versions before 2.0.0 are affected.
CVSS 7.8
CVE-2016-8690 WRITEUP MEDIUM WRITEUP
JasPer < 1.900.5 - Denial of Service via Crafted BMP Image in imginfo Command
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
CVSS 5.5
CVE-2016-8691 WRITEUP MEDIUM WRITEUP
JasPer < 1.900.4 - Denial of Service via Crafted XRsiz Value in BMP Image
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
CVSS 5.5
CVE-2016-8692 WRITEUP MEDIUM WRITEUP
JasPer < 1.900.4 - Denial of Service via Crafted YRsiz Value in BMP Image
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
CVSS 5.5
CVE-2016-8693 WRITEUP HIGH WRITEUP
JasPer < 1.900.10 - Double Free in mem_close Function via Crafted BMP Image
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
CVSS 7.8
CVE-2016-8884 WRITEUP MEDIUM WRITEUP
JasPer 1.900.5 - Denial of Service via BMP Image Processing in bmp_getdata
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
CVSS 5.5
CVE-2016-8887 WRITEUP MEDIUM WRITEUP
JasPer < 1.900.10 - Denial of Service via NULL Pointer Dereference in jp2_colr_destroy
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVSS 5.5
CVE-2016-9262 WRITEUP MEDIUM WRITEUP
JasPer < 1.900.21 - Integer Overflow and Use-After-Free via Crafted Image
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
CVSS 5.5
CVE-2016-9387 WRITEUP HIGH WRITEUP
JasPer < 1.900.12 - Integer Overflow in jpc_dec_process_siz
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
CVSS 7.8
CVE-2016-9388 WRITEUP MEDIUM WRITEUP
JasPer < 1.900.14 - Denial of Service via Crafted Image File
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVSS 5.5
CVE-2016-9389 WRITEUP HIGH WRITEUP
JasPer < 1.900.13 - Denial of Service via jpc_irct and jpc_iict Assertion Failure
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
CVSS 7.5
CVE-2016-9390 WRITEUP MEDIUM WRITEUP
jasper < 1.900.13 - Denial of Service via Crafted Image File
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVSS 5.5
CVE-2016-9391 WRITEUP HIGH WRITEUP
JasPer < 2.0.10 - Denial of Service via Large Integer in jpc_bitstream_getbits
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
CVSS 7.5
CVE-2016-9392 WRITEUP MEDIUM WRITEUP
JasPer < 1.900.16 - Denial of Service via calcstepsizes Function
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVSS 5.5
CVE-2016-9393 WRITEUP MEDIUM WRITEUP
JasPer - Denial of Service via Crafted File in jpc_pi_nextrpcl Function
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVSS 5.5
CVE-2016-9394 WRITEUP MEDIUM WRITEUP
jasper < 1.900.16 - Denial of Service via Crafted File in jas_seq2d_create
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVSS 5.5
CVE-2016-9395 WRITEUP MEDIUM WRITEUP
JasPer < 1.900.24 - Denial of Service via Crafted File in jas_seq2d_create
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVSS 5.5
CVE-2016-9557 WRITEUP MEDIUM WRITEUP
jasper < 1.900.24 - Denial of Service via Integer Overflow in jas_image.c
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS 5.5
CVE-2016-9560 WRITEUP HIGH WRITEUP
JasPer < 1.900.30 - Stack-based Buffer Overflow in jpc_tsfb_getbands2
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
CVSS 7.8
CVE-2017-6850 WRITEUP MEDIUM WRITEUP
jasper < 2.0.12 - Denial of Service via NULL Pointer Dereference in jp2_cdef_destroy
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
CVSS 5.5
CVE-2021-26926 WRITEUP HIGH WRITEUP
jasper < 2.0.25 - Out-of-bounds Read in jp2_decode
A flaw was found in jasper before 2.0.25. An out-of-bounds read issue was found in the jp2_decode function which may lead to disclosure of information or program crash.
CVSS 7.1
CVE-2021-26927 WRITEUP MEDIUM WRITEUP
jasper < 2.0.25 - Denial of Service via Null Pointer Dereference in jp2_decode
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
CVSS 5.5
CVE-2024-31744 WRITEUP HIGH WRITEUP
Jasper 4.2.2 - Denial of Service via jpc_streamlist_remove Assertion Failure
In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.
CVSS 7.5