Filtered by vendor Uclouvain
Subscribe
Total
77 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9572 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. | |||||
CVE-2019-6988 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. | |||||
CVE-2018-18088 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | |||||
CVE-2018-16375 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. | |||||
CVE-2018-14423 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
CVE-2016-9581 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. | |||||
CVE-2016-9580 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. | |||||
CVE-2016-9573 | 3 Debian, Redhat, Uclouvain | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. | |||||
CVE-2018-16376 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. | |||||
CVE-2018-6616 | 4 Canonical, Debian, Oracle and 1 more | 4 Ubuntu Linux, Debian Linux, Georaster and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | |||||
CVE-2018-5785 | 3 Canonical, Debian, Uclouvain | 3 Ubuntu Linux, Debian Linux, Openjpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | |||||
CVE-2014-0158 | 2 Opensuse, Uclouvain | 2 Opensuse, Openjpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS." | |||||
CVE-2018-7648 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. | |||||
CVE-2017-14040 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. | |||||
CVE-2015-1239 | 3 Debian, Google, Uclouvain | 4 Debian Linux, Chrome, Pdfium and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. | |||||
CVE-2018-5727 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | |||||
CVE-2017-12982 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. | |||||
CVE-2017-14039 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. | |||||
CVE-2017-14041 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | |||||
CVE-2016-10507 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. |