GCVE - cpe:2.3:a:n/a:jasper:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:jasper:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Jasper (`e143669d-7c7a-5c00-bf70-6be9727114b1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-8837`	vulnerable	2026-06-08 07:45:21.296866	JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free MEDIUM (5.3) A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue. Published: 2025-08-11T08:02:07.784Z Updated: 2025-08-11T19:56:29.410Z Open on db.gcve.eu Reference links https://vuldb.com/?id.319371 https://vuldb.com/?ctiid.319371 https://vuldb.com/?submit.630487 https://vuldb.com/?submit.630488 https://github.com/jasper-software/jasper/issues/402	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8836`	vulnerable	2026-06-08 07:45:21.296300	JasPer JPEG2000 Encoder jpc_enc.c jpc_floorlog2 assertion LOW (3.3) A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue. Published: 2025-08-11T07:32:08.430Z Updated: 2025-08-12T13:44:11.473Z Open on db.gcve.eu Reference links https://vuldb.com/?id.319370 https://vuldb.com/?ctiid.319370 https://vuldb.com/?submit.622409 https://github.com/jasper-software/jasper/issues/401 https://drive.google.com/file/d/1pPgndhHh2z0lk99Wt31W-XIW3XWt8FB3/view?usp=drive_link	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8835`	vulnerable	2026-06-08 07:45:21.294756	JasPer Image Color Space Conversion jas_image.c jas_image_chclrspc null pointer dereference LOW (3.3) A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue. Published: 2025-08-11T07:02:07.422Z Updated: 2025-08-12T13:46:19.331Z Open on db.gcve.eu Reference links https://vuldb.com/?id.319369 https://vuldb.com/?ctiid.319369 https://vuldb.com/?submit.622408 https://github.com/jasper-software/jasper/issues/400 https://github.com/jasper-software/jasper/issues/400#issuecomment-3134702772	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-2963`	vulnerable	2026-06-08 05:43:36.800803	Details available A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. Published: 2022-10-14T00:00:00.000Z Updated: 2025-05-15T15:05:49.501Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2022-2963 https://bugzilla.redhat.com/show_bug.cgi?id=2118587 https://github.com/jasper-software/jasper/issues/332	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-3467`	vulnerable	2026-06-08 05:33:52.382811	Details available A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. Published: 2021-03-25T18:45:41.000Z Updated: 2024-08-03T16:53:17.550Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1942097 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWAIUFNIUCGS2IMGGDTWZIUIY7BNLGKF/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-3443`	vulnerable	2026-06-08 05:33:52.037499	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26927`	vulnerable	2026-06-08 05:30:45.580451	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26926`	vulnerable	2026-06-08 05:30:45.579019	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27828`	vulnerable	2026-06-08 05:23:53.281713	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.