Astra Linux – Vulnerability in openjpeg2

There is a flaw in the src/lib/openjp2/pi.c file of openjpeg in versions prior to 2.4.0. If an attacker can provide untrusted input to openjpeg’s conversion/encoding functionality, they could cause an out-of-bounds read. The most significant impact of this flaw is the application’s availability...

JLSEC-2026-551

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c...

JLSEC-2026-550

A flaw was found in OpenJPEG. A resource exhaustion can occur in the opjt1decodecblks function in tcd.c through a crafted image file, causing a denial of service...

JLSEC-2026-549

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file...

PT-2026-47109

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...

Unity Linux 20.1060e / 20.1070e Security Update: openjpeg2 (UTSA-2026-017606)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017606 advisory. There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg...

USN-8252-1: OpenJPEG vulnerability

It was discovered that OpenJPEG did not properly handle memory when encoding image files. An attacker could use this issue to cause OpenJPEG to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8252-1 openjpeg2 vulnerability

It was discovered that OpenJPEG did not properly handle memory when encoding image files. An attacker could use this issue to cause OpenJPEG to crash, resulting in a denial of service, or possibly execute arbitrary code...

PT-2026-39179

It was discovered that OpenJPEG did not properly handle memory when encoding image files. An attacker could use this issue to cause OpenJPEG to crash, resulting in a denial of service, or possibly execute arbitrary code...

Astra Linux – Vulnerability in openjpeg2

In OpenJPEG version 2.3.1, the jp2/opjdecompress.c file contains a use-after-free issue. This issue can occur if there is a mix of valid and invalid files in a directory that is processed by the decompressor. It is also possible for a double free to occur. This issue is related to calling...

CVE-2026-6192

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...

UBUNTU-CVE-2026-6192

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...

CVE-2026-6192 uclouvain openjpeg pi.c opj_pi_initialise_encode integer overflow

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...

CVE-2026-6192 uclouvain openjpeg pi.c opj_pi_initialise_encode integer overflow

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...

CVE-2026-6192

Affected software: uclouvain openjpeg (up to 2.5.4). Vulnerable component: opj_pi_initialise_encode in src/lib/openjp2/pi.c due to an integer overflow. Impact: local attacker can exploit; exploit exists publicly. Patch: reference to patch identifier 839936aa33eb8899bbbd80fda02796bb65068951 should...

MiracleLinux 4 : openjpeg-1.3-10.AXS4 (AXSA:2014-074:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-074:01 advisory. OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, the new still-image...

MiracleLinux 7 : openjpeg-1.5.1-17.el7 (AXBA:2017-1766:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXBA:2017-1766:02 advisory. - Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors...

MiracleLinux 4 : openjpeg-1.3-8.AXS4 (AXSA:2012-758:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-758:01 advisory. OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, the new still-image...

MiracleLinux 4 : openjpeg-1.3-9.AXS4 (AXSA:2012-984:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-984:02 advisory. OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, the new still-image...

EUVD-2016-9938

Malware in sbrugna...