Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openjpeg vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-27845
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions before 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application avai...
Uclouvain Openjpeg
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Outside In Technology 8.5.5
5.8
CVSSv2
CVE-2020-15389
jp2/opj_decompress.c in OpenJPEG up to and including 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_d...
Uclouvain Openjpeg
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
4.3
CVSSv2
CVE-2016-3182
The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG prior to 2.1.1 allows malicious users to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.
Uclouvain Openjpeg
6.8
CVSSv2
CVE-2020-8112
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
Uclouvain Openjpeg 2.3.1
Debian Debian Linux 8.0
5
CVSSv2
CVE-2020-6851
OpenJPEG up to and including 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
Uclouvain Openjpeg
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 7.7
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
6.8
CVSSv2
CVE-2018-21010
OpenJPEG prior to 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
Uclouvain Openjpeg
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2019-12973
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
Uclouvain Openjpeg 2.3.1
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 9.0
Oracle Database Server 18c
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
4.3
CVSSv2
CVE-2018-20846
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG up to and including 2.3.0 allow remote malicious users to cause a denial of service (application crash).
Uclouvain Openjpeg
4.3
CVSSv2
CVE-2018-20845
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG up to and including 2.3.0 allow remote malicious users to cause a denial of service (application crash).
Uclouvain Openjpeg
6.8
CVSSv2
CVE-2018-20847
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG up to and including 2.3.0 can lead to an integer overflow.
Uclouvain Openjpeg
Debian Debian Linux 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »