Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openjpeg
(Uclouvain)| Repositories |
• https://github.com/uclouvain/openjpeg
• https://github.com/szukw000/openjpeg • https://github.com/kbabioch/openjpeg |
| #Vulnerabilities | 76 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-26 | CVE-2018-20845 | Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | Openjpeg | 6.5 | ||
| 2019-06-26 | CVE-2018-20847 | An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | Debian_linux, Openjpeg | 8.8 | ||
| 2019-06-26 | CVE-2018-20846 | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | Openjpeg | 6.5 | ||
| 2012-07-18 | CVE-2009-5030 | The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free." | Openjpeg | N/A | ||
| 2012-07-18 | CVE-2012-3358 | Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file. | Openjpeg | N/A | ||
| 2012-09-05 | CVE-2012-3535 | Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. | Openjpeg | N/A | ||
| 2018-08-01 | CVE-2016-9573 | An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. | Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Openjpeg | 8.1 | ||
| 2018-08-01 | CVE-2016-9581 | An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. | Openjpeg | 8.8 | ||
| 2018-08-01 | CVE-2016-9572 | A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. | Debian_linux, Openjpeg | 6.5 | ||
| 2018-08-01 | CVE-2016-9580 | An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. | Openjpeg | 8.8 |