Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openjpeg
(Uclouvain)| Repositories |
• https://github.com/uclouvain/openjpeg
• https://github.com/szukw000/openjpeg • https://github.com/kbabioch/openjpeg |
| #Vulnerabilities | 76 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-01-27 | CVE-2016-1923 | Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. | Openjpeg | 6.5 | ||
| 2017-08-30 | CVE-2016-10507 | Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. | Openjpeg | 6.5 | ||
| 2017-08-30 | CVE-2016-10506 | Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | Openjpeg | 6.5 | ||
| 2017-08-30 | CVE-2016-10505 | NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | Openjpeg | 6.5 | ||
| 2017-08-30 | CVE-2016-10504 | Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. | Openjpeg | 6.5 | ||
| 2016-09-21 | CVE-2015-8871 | Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. | Debian_linux, Openjpeg | 9.8 | ||
| 2018-04-10 | CVE-2014-0158 | Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in... | Opensuse, Openjpeg | 8.8 | ||
| 2014-04-27 | CVE-2013-6887 | OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. | Openjpeg | N/A | ||
| 2013-12-12 | CVE-2013-6054 | Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045. | Openjpeg | N/A | ||
| 2014-04-27 | CVE-2013-6053 | OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | Openjpeg | N/A |