Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
uclouvain openjpeg 2.3.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-17480
In OpenJPEG 2.3.0, a stack-based buffer overflow exists in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Uclouvain Openjpeg 2.3.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
5.5
CVSSv3
CVE-2018-6616
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Uclouvain Openjpeg 2.3.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Oracle Georaster 18c
8.8
CVSSv3
CVE-2018-20847
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG up to and including 2.3.0 can lead to an integer overflow.
Uclouvain Openjpeg
Debian Debian Linux 8.0
8.8
CVSSv3
CVE-2020-8112
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
Uclouvain Openjpeg 2.3.1
Debian Debian Linux 8.0
7.8
CVSSv3
CVE-2020-27814
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
Uclouvain Openjpeg
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2018-14423
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG up to and including 2.3.0 allow remote malicious users to cause a denial of service (application crash).
Uclouvain Openjpeg
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5.5
CVSSv3
CVE-2021-29338
Integer Overflow in OpenJPEG v2.4.0 allows remote malicious users to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
Uclouvain Openjpeg 2.4.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2020-27823
A flaw was found in OpenJPEG’s encoder. This flaw allows an malicious user to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Uclouvain Openjpeg
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5.5
CVSSv3
CVE-2020-27845
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions before 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application avai...
Uclouvain Openjpeg
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Outside In Technology 8.5.5
5.5
CVSSv3
CVE-2020-27841
There's a flaw in openjpeg in versions before 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.
Uclouvain Openjpeg
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Outside In Technology 8.5.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »