Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openjpeg
(Uclouvain)| Repositories |
• https://github.com/uclouvain/openjpeg
• https://github.com/szukw000/openjpeg • https://github.com/kbabioch/openjpeg |
| #Vulnerabilities | 76 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-04 | CVE-2021-3575 | A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. | Fedora, Enterprise_linux, Openjpeg | 7.8 | ||
| 2016-12-22 | CVE-2016-9675 | openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. | Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_scientific_computing, Openjpeg | 7.8 | ||
| 2019-09-05 | CVE-2018-21010 | OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. | Debian_linux, Openjpeg | 8.8 | ||
| 2021-01-26 | CVE-2020-27814 | A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. | Debian_linux, Openjpeg | 7.8 | ||
| 2020-06-29 | CVE-2020-15389 | jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. | Debian_linux, Outside_in_technology, Openjpeg | 6.5 | ||
| 2019-06-26 | CVE-2019-12973 | In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. | Debian_linux, Leap, Database_server, Outside_in_technology, Openjpeg | 5.5 | ||
| 2016-10-28 | CVE-2016-8332 | A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used... | Openjpeg | 7.8 | ||
| 2018-02-04 | CVE-2018-6616 | In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | Ubuntu_linux, Debian_linux, Georaster, Openjpeg | 5.5 | ||
| 2018-01-19 | CVE-2018-5785 | In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | Ubuntu_linux, Debian_linux, Openjpeg | 6.5 | ||
| 2017-12-08 | CVE-2017-17480 | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | Ubuntu_linux, Debian_linux, Openjpeg | 9.8 |