Information on source package jasper

Available versions

ReleaseVersion
wheezy1.900.1-13+deb7u4
wheezy (security)1.900.1-13+deb7u6
jessie (security)1.900.1-debian1-2.4+deb8u3

Open issues

BugwheezyjessieDescription
CVE-2017-9782vulnerablevulnerable (no DSA)JasPer 2.0.12 allows remote attackers to cause a denial of service ...
CVE-2017-6852vulnerablevulnerable (no DSA)Heap-based buffer overflow in the jpc_dec_decodepkt function in ...
CVE-2017-14229vulnerablevulnerable (no DSA, ignored)There is an infinite loop in the jpc_dec_tileinit function in ...
CVE-2017-14132vulnerablevulnerable (no DSA, ignored)JasPer 2.0.13 allows remote attackers to cause a denial of service ...
CVE-2017-13748vulnerablevulnerable (no DSA, ignored)There are lots of memory leaks in JasPer 2.0.12, triggered in the ...
CVE-2016-9557vulnerable (no DSA)vulnerable (no DSA)Integer overflow in jas_image.c in JasPer before 1.900.25 allows ...
CVE-2016-8886vulnerable (no DSA)vulnerable (no DSA)The jas_malloc function in libjasper/base/jas_malloc.c in JasPer ...
CVE-2016-8690vulnerable (no DSA)vulnerable (no DSA)The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before ...
CVE-2016-1867vulnerable (no DSA)fixedThe jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers ...
CVE-2015-5221vulnerable (no DSA)vulnerable (no DSA)Use-after-free vulnerability in the mif_process_cmpt function in ...
CVE-2015-5203vulnerable (no DSA)vulnerable (no DSA)Double free vulnerability in the jasper_image_stop_load function in ...

Open unimportant issues

BugwheezyjessieDescription
CVE-2017-6851vulnerablevulnerableThe jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows ...
CVE-2017-6850vulnerablevulnerableThe jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 ...
CVE-2017-5505vulnerablevulnerableThe jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows ...
CVE-2017-5504vulnerablevulnerableThe jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer ...
CVE-2017-5502vulnerablevulnerablelibjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to ...
CVE-2017-5501vulnerablevulnerableInteger overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows ...
CVE-2017-5500vulnerablevulnerablelibjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to ...
CVE-2017-5499vulnerablevulnerableInteger overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows ...
CVE-2017-5498vulnerablevulnerablelibjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote ...
CVE-2017-13752vulnerablevulnerableThere is a reachable assertion abort in the function jpc_dequantize() ...
CVE-2017-13751vulnerablevulnerableThere is a reachable assertion abort in the function calcstepsizes() in ...
CVE-2017-13750vulnerablevulnerableThere is a reachable assertion abort in the function ...
CVE-2017-13749vulnerablevulnerableThere is a reachable assertion abort in the function jpc_pi_nextrpcl() ...
CVE-2017-13747vulnerablevulnerableThere is a reachable assertion abort in the function jpc_floorlog2() in ...
CVE-2017-13746vulnerablevulnerableThere is a reachable assertion abort in the function ...
CVE-2017-13745vulnerablevulnerableThere is a reachable assertion abort in the function ...
CVE-2017-1000050vulnerablevulnerableJasPer 2.0.12 is vulnerable to a NULL pointer exception in the ...
CVE-2016-9600vulnerablevulnerableNull Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder
CVE-2016-9583vulnerablevulnerableOut of bounds heap read in jpc_pi_nextpcrl()
CVE-2016-9399vulnerablevulnerableThe calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows ...
CVE-2016-9398vulnerablevulnerableThe jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 ...
CVE-2016-9397vulnerablevulnerableThe jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows ...
CVE-2016-9396vulnerablevulnerableThe JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through ...
CVE-2016-9395vulnerablevulnerableThe jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 ...
CVE-2016-9394vulnerablevulnerableThe jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 ...
CVE-2016-9393vulnerablevulnerableThe jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 ...
CVE-2016-9392vulnerablevulnerableThe calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 ...
CVE-2016-9391vulnerablevulnerableThe jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...
CVE-2016-9390vulnerablevulnerableThe jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 ...
CVE-2016-9389vulnerablevulnerableThe jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before ...
CVE-2016-9388vulnerablevulnerableThe ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...
CVE-2016-9387vulnerablevulnerableInteger overflow in the jpc_dec_process_siz function in ...
CVE-2016-8887fixedvulnerableThe jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer ...
CVE-2016-8883fixedvulnerableThe jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 ...
CVE-2016-10248vulnerablevulnerableThe jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before ...

Resolved issues

BugDescription
CVE-2017-5503The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer ...
CVE-2016-9591Use-after-free on heap in jas_matrix_destroy
CVE-2016-9560Stack-based buffer overflow in the jpc_tsfb_getbands2 function in ...
CVE-2016-9262Multiple integer overflows in the (1) jas_realloc function in ...
CVE-2016-8885The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before ...
CVE-2016-8884The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 ...
CVE-2016-8882The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer ...
CVE-2016-8693Double free vulnerability in the mem_close function in jas_stream.c in ...
CVE-2016-8692The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer ...
CVE-2016-8691The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer ...
CVE-2016-8654Heap-based buffer overflow in QMFB code in JPC codec
CVE-2016-2116Memory leak in the jas_iccprof_createfrombuf function in JasPer ...
CVE-2016-2089The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows ...
CVE-2016-1577Double free vulnerability in the jas_iccattrval_destroy function in ...
CVE-2016-10251Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in ...
CVE-2016-10250The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 ...
CVE-2016-10249Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in ...
CVE-2015-8751
CVE-2014-9029Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) ...
CVE-2014-8158Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 ...
CVE-2014-8157Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 ...
CVE-2014-8138Heap-based buffer overflow in the jp2_decode function in JasPer ...
CVE-2014-8137Double free vulnerability in the jas_iccattrval_destroy function in ...
CVE-2011-4517The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer ...
CVE-2011-4516Heap-based buffer overflow in the jpc_cox_getcompparms function in ...
CVE-2008-3522Buffer overflow in the jas_stream_printf function in ...
CVE-2008-3521Race condition in the jas_stream_tmpfile function in ...
CVE-2008-3520Multiple integer overflows in JasPer 1.900.1 might allow ...
CVE-2007-2721The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer ...

Security announcements

DSA / DLADescription
DLA-920-1jasper - security update
DSA-3827-1jasper - security update
DSA-3785-1jasper - security update
DLA-739-1jasper - security update
DSA-3508-1jasper - security update
DSA-3508-1jasper - security update
DLA-138-1jasper - security update
DSA-3138-1jasper - security update
DLA-121-1jasper - security update
DSA-3106-1jasper - security update
DLA-101-1jasper - security update
DSA-3089-1jasper - security update
DSA-2371-1jasper - buffer overflows
DSA-2371-1jasper - buffer overflows
DSA-2036-1jasper - denial of service

Search for package or bug name: Reporting problems