Product:

Openjpeg

(Uclouvain)
Repositories https://github.com/uclouvain/openjpeg
https://github.com/szukw000/openjpeg
https://github.com/kbabioch/openjpeg
#Vulnerabilities 76
Date Id Summary Products Score Patch Annotated
2014-04-18 CVE-2013-4289 Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow. Openjpeg N/A
2013-12-12 CVE-2013-1447 OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors. Openjpeg N/A
2012-04-11 CVE-2012-1499 The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write." Openjpeg N/A
2018-10-09 CVE-2018-18088 OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c Debian_linux, Openjpeg 6.5
2019-01-28 CVE-2019-6988 An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. Openjpeg 6.5
2018-09-02 CVE-2018-16376 An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. Openjpeg 8.8
2017-12-08 CVE-2017-17479 In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. Openjpeg 9.8