These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2017-5504 is a denial-of-service issue in JasPer’s jpc_undo_roi function in libjasper/jpc/jpc_dec.c. A crafted image can trigger an invalid memory read and crash the application. The CVE record was published on 2017-03-01 and later modified on 2026-05-13.
CVE-2017-5503 is a memory-corruption flaw in JasPer 1.900.27’s JPEG 2000 decoder path. A crafted image can trigger an invalid memory write in dec_clnpass, which can crash the process and may have other unspecified impact. NVD records the issue as CWE-787 and scores it CVSS 5.5 (medium). The corpus also includes an exploit-oriented advisory and downstream security notices, indicating the bug was publicly a [truncated]
CVE-2017-5502 is a denial-of-service issue in JasPer 1.900.17 affecting libjasper/jp2/jp2_dec.c. The public record says malformed input can trigger a crash through a left shift of a negative value. NVD assigns a medium severity score and lists availability impact as the primary consequence.
CVE-2017-5501 is an integer-overflow flaw in JasPer 1.900.17's libjasper/jpc/jpc_tsfb.c. When a crafted file is processed, the bug can crash the application, resulting in a denial of service. NVD rates the issue as medium severity and availability-only impact.
CVE-2017-5500 is a denial-of-service issue in JasPer 1.900.17, specifically in libjasper/jpc/jpc_dec.c. The record says crafted input can trigger a crash through a left shift of a negative value. NVD rates the issue as medium severity with availability impact only, making this primarily a service-stability problem rather than a confidentiality or integrity issue.
CVE-2017-5499 affects JasPer 1.900.17 and is described by NVD as an integer overflow in libjasper/jpc/jpc_dec.c that can let a crafted file crash the application. NVD classifies the weakness as CWE-190 and assigns CVSS 3.0 5.5 (MEDIUM), with impact limited to availability. The record was published on 2017-03-01 and later modified on 2026-05-13.
CVE-2017-5498 describes a crash condition in JasPer 1.900.17, specifically in libjasper/include/jasper/jas_math.h, where vectors involving a left shift of a negative value can trigger denial of service. The supplied NVD record rates the issue as medium severity and lists impact to availability only.
CVE-2016-8883 is a denial-of-service vulnerability in JasPer's JPEG-2000 decoder. According to the CVE record, jpc_dec_tiledecode in jpc_dec.c can hit an assertion failure when processing a crafted file, affecting JasPer versions before 1.900.8. The issue is rated medium severity in NVD, with availability impact only and no evidence in the provided corpus of code execution, data loss, or public weaponization.
CVE-2016-8882 is a denial-of-service issue in JasPer’s JPEG-2000 decoder path. The affected function, jpc_dec_tilefini in libjasper/jpc/jpc_dec.c, can hit a NULL pointer dereference and crash when processing a crafted file. The CVE record lists JasPer versions before 1.900.8 as vulnerable. NVD assigns medium severity and a CVSS 3.0 vector that reflects availability impact with user interaction required.