Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openjpeg
(Uclouvain)| Repositories |
• https://github.com/uclouvain/openjpeg
• https://github.com/szukw000/openjpeg • https://github.com/kbabioch/openjpeg |
| #Vulnerabilities | 76 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-30 | CVE-2016-10505 | NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | Openjpeg | 6.5 | ||
| 2017-08-30 | CVE-2016-10504 | Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. | Openjpeg | 6.5 | ||
| 2016-09-21 | CVE-2015-8871 | Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. | Debian_linux, Openjpeg | 9.8 | ||
| 2018-04-10 | CVE-2014-0158 | Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in... | Opensuse, Openjpeg | 8.8 | ||
| 2014-04-27 | CVE-2013-6887 | OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. | Openjpeg | N/A | ||
| 2013-12-12 | CVE-2013-6054 | Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045. | Openjpeg | N/A | ||
| 2014-04-27 | CVE-2013-6053 | OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | Openjpeg | N/A | ||
| 2013-12-12 | CVE-2013-6052 | OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | Openjpeg | N/A | ||
| 2013-12-12 | CVE-2013-6045 | Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors. | Openjpeg | N/A | ||
| 2014-04-18 | CVE-2013-4290 | Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c. | Openjpeg | N/A |