Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openjpeg vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-18088
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c
Uclouvain Openjpeg 2.3.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2018-5785
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Uclouvain Openjpeg 2.3.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
5.5
CVSSv3
CVE-2021-29338
Integer Overflow in OpenJPEG v2.4.0 allows remote malicious users to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
Uclouvain Openjpeg 2.4.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2017-17480
In OpenJPEG 2.3.0, a stack-based buffer overflow exists in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Uclouvain Openjpeg 2.3.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
7.8
CVSSv3
CVE-2020-27823
A flaw was found in OpenJPEG’s encoder. This flaw allows an malicious user to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Uclouvain Openjpeg
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5.5
CVSSv3
CVE-2022-1122
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a se...
Uclouvain Openjpeg 2.4.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
1 Github repository
5.5
CVSSv3
CVE-2020-27845
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions before 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application avai...
Uclouvain Openjpeg
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Outside In Technology 8.5.5
5.5
CVSSv3
CVE-2020-27841
There's a flaw in openjpeg in versions before 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.
Uclouvain Openjpeg
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Outside In Technology 8.5.5
5.5
CVSSv3
CVE-2018-6616
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Uclouvain Openjpeg 2.3.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Oracle Georaster 18c
5.5
CVSSv3
CVE-2020-27824
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
Uclouvain Openjpeg
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »