Vulnerabilities (CVE)

Filtered by vendor Uclouvain Subscribe
Filtered by product Openjpeg
Total 77 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-21010 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
CVE-2018-20847 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
CVE-2018-20846 1 Uclouvain 1 Openjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-20845 1 Uclouvain 1 Openjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-18088 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c
CVE-2018-16376 1 Uclouvain 1 Openjpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVE-2018-16375 1 Uclouvain 1 Openjpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
CVE-2018-14423 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2024-11-21 5.0 MEDIUM 7.5 HIGH
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2017-17480 3 Canonical, Debian, Uclouvain 3 Ubuntu Linux, Debian Linux, Openjpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2017-17479 1 Uclouvain 1 Openjpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2017-14164 1 Uclouvain 1 Openjpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.
CVE-2017-14152 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.
CVE-2017-14151 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution.
CVE-2017-14041 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2017-14040 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
CVE-2017-14039 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVE-2017-12982 1 Uclouvain 1 Openjpeg 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
CVE-2016-9675 2 Redhat, Uclouvain 5 Enterprise Linux, Enterprise Linux For Ibm Z Systems, Enterprise Linux For Power Big Endian and 2 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
CVE-2016-9581 1 Uclouvain 1 Openjpeg 2024-11-21 6.8 MEDIUM 3.3 LOW
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.
CVE-2016-9580 1 Uclouvain 1 Openjpeg 2024-11-21 6.8 MEDIUM 3.3 LOW
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.