9 matches found
PT-2026-47110
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault an...
CVE-2026-41324
basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...
The vulnerability in the opj2_decompress program of the OpenJPEG library allows an attacker to cause a service failure.
The vulnerability of the opj2_decompress program in the OpenJPEG image encoding and decoding library is related to improper handling of directories containing a large number of files. Exploiting this vulnerability allows an attacker to cause service interruptions...
DEBIAN-CVE-2022-1122
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault and...
UBUNTU-CVE-2021-29338
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...
PT-2021-7386 · Openjpeg +11
Name of the Vulnerable Software and Affected Versions: OpenJPEG version 2.4.0. Description: The issue is related to an integer overflow in OpenJPEG, which can be triggered by a remote attacker using the command line option "-ImgDir" on a directory containing a large number of files, specifically...
DEBIAN-CVE-2018-14624
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd t...
CVE-2015-2997
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message...
tomcat DoS
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files...