Openjpeg Security Vulnerabilities and Issues — Openjpeg CVE List

Lucene search

UclouvainOpenjpeg

13 matches found

CVE•added 2018/02/04 10:29 p.m.•233 views

CVE-2018-6616

In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

5.5CVSS5.6AI score0.00075EPSS

CVE•added 2018/01/19 8:29 a.m.•174 views

CVE-2018-5785

In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

6.5CVSS6.4AI score0.00779EPSS

CVE•added 2018/01/16 10:29 p.m.•159 views

CVE-2018-5727

In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

6.5CVSS6.8AI score0.00724EPSS

CVE•added 2018/07/19 7:29 p.m.•134 views

CVE-2018-14423

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

7.5CVSS6.7AI score0.01616EPSS

CVE•added 2018/10/09 8:29 p.m.•122 views

CVE-2018-18088

OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

6.5CVSS5.9AI score0.01029EPSS

CVE•added 2018/08/01 2:29 p.m.•89 views

CVE-2016-9581

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

8.8CVSS8.7AI score0.00352EPSS

CVE•added 2018/09/03 12:29 a.m.•89 views

CVE-2018-16375

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

8.8CVSS7.2AI score0.00437EPSS

CVE•added 2018/08/01 4:29 p.m.•80 views

CVE-2016-9580

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

8.8CVSS8.7AI score0.00396EPSS

CVE•added 2018/08/01 6:29 a.m.•75 views

CVE-2016-9573

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

8.1CVSS7.7AI score0.01413EPSS

CVE•added 2018/08/01 4:29 p.m.•72 views

CVE-2016-9572

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.

6.5CVSS7AI score0.01771EPSS

CVE•added 2018/09/03 12:29 a.m.•68 views

CVE-2018-16376

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

8.8CVSS8.8AI score0.00566EPSS

CVE•added 2018/04/10 3:29 p.m.•65 views

CVE-2014-0158

Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction...

8.8CVSS8.7AI score0.06297EPSS

CVE•added 2018/03/02 4:29 p.m.•54 views

CVE-2018-7648

An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.

9.8CVSS9.4AI score0.00592EPSS