Michael Adams

29 exploits, active since Sep 2006
CVE-2016-8654 HIGH WRITEUP
JasPer <2.0.0 - Buffer Overflow
A heap-buffer overflow vulnerability was found in the QMFB code in the JPC codec, caused by a buffer being allocated with too small a size. JasPer versions before 2.0.0 are affected.
CVSS 7.8
CVE-2016-8690 MEDIUM WRITEUP
JasPer <1.900.5 - DoS
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
CVSS 5.5
CVE-2016-8691 MEDIUM WRITEUP
JasPer <1.900.4 - DoS
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
CVSS 5.5
CVE-2016-8692 MEDIUM WRITEUP
JasPer <1.900.4 - DoS
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
CVSS 5.5
CVE-2016-8693 HIGH WRITEUP
JasPer <1.900.10 - Use After Free
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
CVSS 7.8
CVE-2016-8884 MEDIUM WRITEUP
JasPer 1.900.5 - DoS
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
CVSS 5.5
CVE-2016-8887 MEDIUM WRITEUP
JasPer <1.900.10 - DoS
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVSS 5.5
CVE-2016-9262 MEDIUM WRITEUP
JasPer <1.900.22 - DoS
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
CVSS 5.5
CVE-2016-9387 HIGH WRITEUP
JasPer <1.900.13 - Buffer Overflow
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
CVSS 7.8
CVE-2016-9388 MEDIUM WRITEUP
JasPer <1.900.14 - DoS
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVSS 5.5
CVE-2016-9389 HIGH WRITEUP
JasPer <1.900.14 - DoS
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
CVSS 7.5
CVE-2016-9390 MEDIUM WRITEUP
JasPer <1.900.14 - DoS
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVSS 5.5
CVE-2016-9391 HIGH WRITEUP
JasPer <2.0.10 - DoS
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
CVSS 7.5
CVE-2016-9392 MEDIUM WRITEUP
JasPer <1.900.17 - DoS
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVSS 5.5
CVE-2016-9393 MEDIUM WRITEUP
JasPer <1.900.17 - DoS
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVSS 5.5
CVE-2016-9394 MEDIUM WRITEUP
JasPer <1.900.17 - DoS
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVSS 5.5
CVE-2016-9395 MEDIUM WRITEUP
JasPer <1.900.25 - DoS
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVSS 5.5
CVE-2016-9557 MEDIUM WRITEUP
Jasper < 1.900.24 - Integer Overflow
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS 5.5
CVE-2016-9560 HIGH WRITEUP
Jasper < 1.900.30 - Out-of-Bounds Write
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
CVSS 7.8
CVE-2016-9583 MEDIUM WRITEUP
Redhat Enterprise Linux Desktop < 2.0.6 - Integer Overflow
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
CVSS 5.5
CVE-2017-6850 MEDIUM WRITEUP
JasPer <2.0.13 - DoS
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
CVSS 5.5
CVE-2021-26926 HIGH WRITEUP
Jasper < 2.0.25 - Out-of-Bounds Read
A flaw was found in JasPer before 2.0.25. An out-of-bounds read issue was found in the jp2_decode function, which may lead to disclosure of information or a program crash.
CVSS 7.1
CVE-2021-26927 MEDIUM WRITEUP
Jasper < 2.0.25 - NULL Pointer Dereference
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
CVSS 5.5
CVE-2024-31744 HIGH WRITEUP
Jasper 4.2.2 - DoS
In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.
CVSS 7.5
CVE-2025-8835 LOW WRITEUP
Jasper < 4.2.5 - NULL Pointer Dereference
A vulnerability was found in JasPer up to 4.2.5. It affects the function jas_image_chclrspc in the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to a null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue.
CVSS 3.3