21 matches found
JLSEC-2026-541
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as...
JLSEC-2026-542
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability...
PT-2026-47107
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability...
Unity Linux 20.1060e / 20.1070e Security Update: openjpeg2 (UTSA-2026-017606)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017606 advisory. There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg...
CVE-2026-25925
PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to...
PowerDocu Code Issue Vulnerability
PowerDocu is a canvas generation software developed by Rene Modery. Versions of PowerDocu prior to 2.4.0 had code vulnerabilities. These vulnerabilities stemmed from blindly trusting the $type attribute during the parsing of JSON files, which could lead to code execution...
PT-2026-6265
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.118.0; n8n versions prior to 2.4.0. Description: n8n is a workflow automation platform. A flaw in the Merge node’s SQL Query mode permitted authenticated users with workflow creation or modification rights to write arbitra...
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...
Linux Distros Unpatched Vulnerability : CVE-2020-27841
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg...
CVE-2023-1655
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0...
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
...
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.
...
There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.
...
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality causing an out-of-bounds read. The highest threat from this vulnerability is system availability.
...
Identifier Withdrawn
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A denial of service vulnerability exists in versions of Hyperledger Fabric prior to 2.4.0 that stems from not properly handling incoming error messages, which can be...
FreeRDP Input Validation Error Vulnerability
FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. An input validation error vulnerability exists in versions prior to FreeRDP 2.4.0, which stems from clipboard redirection being enabled by default. An attacker could read arbitrary files fro...
Django Security Vulnerability
Django is an open source Web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django-filter versions prior to 2.4.0, which stems from being...
AZL-44178 CVE-2020-27844 affecting package openjpeg2 2.3.1-12
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as...
DEBIAN-CVE-2020-27841
There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability...
UBUNTU-CVE-2020-27842
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability...