Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openjpeg vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-27824
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
Uclouvain Openjpeg
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5.8
CVSSv2
CVE-2020-15389
jp2/opj_decompress.c in OpenJPEG up to and including 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_d...
Uclouvain Openjpeg
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
7.1
CVSSv2
CVE-2020-27843
A flaw was found in OpenJPEG in versions before 2.4.0. This flaw allows an malicious user to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.
Uclouvain Openjpeg
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Outside In Technology 8.5.5
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2019-12973
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
Uclouvain Openjpeg 2.3.1
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 9.0
Oracle Database Server 18c
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
4.3
CVSSv2
CVE-2020-27842
There's a flaw in openjpeg's t2 encoder in versions before 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
Uclouvain Openjpeg
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Extra Packages For Enterprise Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Codeready Linux Builder For Ibm Z Systems 8.0
Redhat Codeready Linux Builder 8.0
Redhat Codeready Linux Builder For Power Little Endian 8.0
Oracle Outside In Technology 8.5.5
5
CVSSv2
CVE-2020-6851
OpenJPEG up to and including 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
Uclouvain Openjpeg
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 7.7
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
7.5
CVSSv2
CVE-2014-7903
Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome prior to 39.0.2171.65, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image.
Google Chrome
5
CVSSv2
CVE-2019-12214
In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
Freeimage Project Freeimage 3.18.0
7.5
CVSSv2
CVE-2015-6581
Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome prior to 45.0.2454.85, allows remote malicious users to execute arbitrary code or cause a denial of service (heap memory corrupt...
Google Chrome
7.5
CVSSv2
CVE-2014-7901
Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome prior to 39.0.2171.65, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a ...
Google Chrome
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »