Jasper Project: >> Jasper >> 2.0.14 Security Vulnerabilities
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
CVSS Score
5.5
EPSS Score
0.005
Published
2018-10-31
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-05-04
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-04-04
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.
CVSS Score
5.5
EPSS Score
0.004
Published
2018-03-27
Page 3