Search CVE reports
111 – 118 of 118 results
Some fixes available 4 of 5
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
3 affected packages
ghostscript, jasper, netpbm-free
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| jasper | — | — | — | — |
| netpbm-free | — | — | — | — |
Some fixes available 4 of 5
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a...
3 affected packages
ghostscript, jasper, netpbm-free
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| jasper | — | — | — | — |
| netpbm-free | — | — | — | — |
Some fixes available 7 of 8
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary...
3 affected packages
ghostscript, jasper, netpbm-free
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| jasper | — | — | — | — |
| netpbm-free | — | — | — | — |
Some fixes available 7 of 8
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls...
3 affected packages
ghostscript, jasper, netpbm-free
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| jasper | — | — | — | — |
| netpbm-free | — | — | — | — |
Some fixes available 7 of 8
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
2 affected packages
ghostscript, jasper
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| jasper | — | — | — | — |
Some fixes available 4 of 5
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which...
2 affected packages
ghostscript, jasper
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| jasper | — | — | — | — |
Some fixes available 7 of 8
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
2 affected packages
ghostscript, jasper
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| jasper | — | — | — | — |
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed...
3 affected packages
ghostscript, gs-gpl, jasper
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| gs-gpl | — | — | — | — |
| jasper | — | — | — | — |