Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openjpeg vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-12214
In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
Freeimage Project Freeimage 3.18.0
4.3
CVSSv2
CVE-2019-6988
An issue exists in OpenJPEG 2.3.0. It allows remote malicious users to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.
Uclouvain Openjpeg 2.3.0
4.3
CVSSv2
CVE-2018-18088
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c
Uclouvain Openjpeg 2.3.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2018-16376
An issue exists in OpenJPEG 2.3.0. A heap-based buffer overflow exists in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
Uclouvain Openjpeg 2.3.0
6.8
CVSSv2
CVE-2018-16375
An issue exists in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
Uclouvain Openjpeg 2.3.0
5
CVSSv2
CVE-2018-14423
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG up to and including 2.3.0 allow remote malicious users to cause a denial of service (application crash).
Uclouvain Openjpeg
Debian Debian Linux 9.0
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2014-0158
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG prior to 1.5.2 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and ...
Uclouvain Openjpeg
Opensuse Opensuse 13.1
Opensuse Opensuse 12.3
7.5
CVSSv2
CVE-2018-7648
An issue exists in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.
Uclouvain Openjpeg 2.3.0
4.3
CVSSv2
CVE-2018-6616
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Uclouvain Openjpeg 2.3.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Oracle Georaster 18c
4.3
CVSSv2
CVE-2018-5785
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Uclouvain Openjpeg 2.3.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »