Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
UclouvainOpenjpeg

79 matches found

CVE
CVEadded 2012/07/18 10:55 p.m.69 views

CVE-2009-5030

The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "inval...

6.8CVSS7.4AI score0.04533EPSS
CVE
CVEadded 2018/09/03 12:29 a.m.68 views

CVE-2018-16376

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

8.8CVSS8.8AI score0.00566EPSS
CVE
CVEadded 2018/04/10 3:29 p.m.65 views

CVE-2014-0158

Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction...

8.8CVSS8.7AI score0.06297EPSS
CVE
CVEadded 2019/01/28 4:29 p.m.63 views

CVE-2019-6988

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

6.5CVSS6.3AI score0.00351EPSS
CVE
CVEadded 2017/08/30 9:29 a.m.62 views

CVE-2016-10507

Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.

6.5CVSS6.6AI score0.00653EPSS
CVE
CVEadded 2017/08/30 9:29 a.m.61 views

CVE-2016-10506

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

6.5CVSS6AI score0.02046EPSS
CVE
CVEadded 2016/01/27 8:59 p.m.59 views

CVE-2016-1924

The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

6.5CVSS5.6AI score0.00925EPSS
CVE
CVEadded 2017/02/03 4:59 p.m.59 views

CVE-2016-4796

Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

5.5CVSS5.5AI score0.00374EPSS
CVE
CVEadded 2017/02/03 4:59 p.m.58 views

CVE-2016-3183

The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.

5.5CVSS5.2AI score0.00129EPSS
CVE
CVEadded 2016/10/03 4:9 p.m.58 views

CVE-2016-7445

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

7.5CVSS5.9AI score0.02039EPSS
CVE
CVEadded 2024/07/13 3:15 a.m.58 views

CVE-2023-39327

A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

4.3CVSS4.2AI score0.00122EPSS
CVE
CVEadded 2016/10/30 10:59 p.m.57 views

CVE-2016-9114

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

7.5CVSS7.3AI score0.00607EPSS
CVE
CVEadded 2013/12/12 6:55 p.m.56 views

CVE-2013-1447

OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.

5CVSS7.7AI score0.00755EPSS
CVE
CVEadded 2014/04/27 8:55 p.m.55 views

CVE-2013-6887

OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.

6.4CVSS7.6AI score0.00244EPSS
CVE
CVEadded 2016/10/30 10:59 p.m.55 views

CVE-2016-9113

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

7.5CVSS7.3AI score0.00448EPSS
CVE
CVEadded 2012/09/05 11:55 p.m.54 views

CVE-2012-3535

Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

6.8CVSS7.8AI score0.0457EPSS
CVE
CVEadded 2018/03/02 4:29 p.m.54 views

CVE-2018-7648

An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.

9.8CVSS9.4AI score0.00592EPSS
CVE
CVEadded 2013/12/12 6:55 p.m.52 views

CVE-2013-6052

OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

5CVSS7.6AI score0.0036EPSS
CVE
CVEadded 2013/12/12 6:55 p.m.52 views

CVE-2013-6054

Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.

7.5CVSS7.9AI score0.06297EPSS
CVE
CVEadded 2017/08/30 9:29 a.m.52 views

CVE-2016-10505

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via c...

6.5CVSS6.8AI score0.00656EPSS
CVE
CVEadded 2016/10/30 10:59 p.m.52 views

CVE-2016-9117

NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

6.5CVSS6.5AI score0.00357EPSS
CVE
CVEadded 2016/01/27 8:59 p.m.51 views

CVE-2016-1923

Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

6.5CVSS5.9AI score0.0047EPSS
CVE
CVEadded 2016/10/30 10:59 p.m.51 views

CVE-2016-9115

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

6.5CVSS6.6AI score0.00374EPSS
CVE
CVEadded 2016/10/30 10:59 p.m.48 views

CVE-2016-9116

NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

6.5CVSS6.5AI score0.00357EPSS
CVE
CVEadded 2014/04/27 10:55 p.m.46 views

CVE-2013-6053

OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

5CVSS8.1AI score0.00403EPSS
CVE
CVEadded 2012/04/11 10:39 a.m.39 views

CVE-2012-1499

The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."

9.3CVSS7.5AI score0.03847EPSS
CVE
CVEadded 2014/04/18 2:55 p.m.37 views

CVE-2013-4289

Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.

10CVSS8.8AI score0.02308EPSS
CVE
CVEadded 2014/04/18 2:55 p.m.36 views

CVE-2013-4290

Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.

10CVSS8.9AI score0.01714EPSS
CVE
CVEadded yesterday0 views

CVE-2025-54874

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.

7.5CVSS6.5AI score
Total number of security vulnerabilities79