Vulnerabilities (CVE)

Filtered by vendor Uclouvain Subscribe

Filtered by product Openjpeg

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-17480	3 Canonical, Debian, Uclouvain	3 Ubuntu Linux, Debian Linux, Openjpeg	2021-02-03	7.5 HIGH	9.8 CRITICAL
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2018-7648	1 Uclouvain	1 Openjpeg	2021-01-26	7.5 HIGH	9.8 CRITICAL
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.
CVE-2015-8871	2 Debian, Uclouvain	2 Debian Linux, Openjpeg	2020-09-09	7.5 HIGH	9.8 CRITICAL
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2017-17479	1 Uclouvain	1 Openjpeg	2018-11-29	7.5 HIGH	9.8 CRITICAL
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.