Search
Total
77 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9118 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. | |||||
| CVE-2016-9573 | 3 Debian, Redhat, Uclouvain | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2020-09-09 | 5.8 MEDIUM | 8.1 HIGH |
| An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. | |||||
| CVE-2016-9572 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. | |||||
| CVE-2016-9580 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. | |||||
| CVE-2016-9581 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. | |||||
| CVE-2018-14423 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2020-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
| CVE-2018-20845 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
| CVE-2018-20846 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
| CVE-2018-20847 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | |||||
| CVE-2012-1499 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 9.3 HIGH | N/A |
| The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write." | |||||
| CVE-2013-4290 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c. | |||||
| CVE-2013-4289 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 10.0 HIGH | N/A |
| Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow. | |||||
| CVE-2013-1447 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 5.0 MEDIUM | N/A |
| OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors. | |||||
| CVE-2012-3535 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. | |||||
| CVE-2012-3358 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file. | |||||
| CVE-2009-5030 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 6.8 MEDIUM | N/A |
| The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free." | |||||
| CVE-2014-0158 | 2 Opensuse, Uclouvain | 2 Opensuse, Openjpeg | 2020-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS." | |||||
| CVE-2013-6887 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 6.4 MEDIUM | N/A |
| OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. | |||||
| CVE-2013-6054 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045. | |||||
| CVE-2013-6053 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 5.0 MEDIUM | N/A |
| OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | |||||
| CVE-2013-6052 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 5.0 MEDIUM | N/A |
| OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | |||||
| CVE-2013-6045 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2019-6988 | 1 Uclouvain | 1 Openjpeg | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. | |||||
| CVE-2016-3182 | 1 Uclouvain | 1 Openjpeg | 2020-02-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. | |||||
| CVE-2018-18088 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2019-08-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | |||||
| CVE-2017-17479 | 1 Uclouvain | 1 Openjpeg | 2018-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | |||||
| CVE-2018-16376 | 1 Uclouvain | 1 Openjpeg | 2018-10-31 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. | |||||