CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Uclouvain » Openjpeg » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-27845 125 2021-01-05 2021-06-14
4.3
None Remote Medium Not required None None Partial
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.
2 CVE-2020-27844 20 2021-01-05 2021-06-14
8.3
None Remote Medium Not required Partial Partial Complete
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
3 CVE-2020-27843 125 2021-01-05 2021-06-14
7.1
None Remote Medium Not required None None Complete
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.
4 CVE-2020-27842 125 2021-01-05 2021-06-14
4.3
None Remote Medium Not required None None Partial
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
5 CVE-2020-27841 122 2021-01-05 2021-06-14
4.3
None Remote Medium Not required None None Partial
There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.
6 CVE-2020-27824 125 Overflow 2021-05-13 2021-06-02
4.3
None Remote Medium Not required None None Partial
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
7 CVE-2020-27823 787 2021-05-13 2021-06-02
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
8 CVE-2020-27814 122 Exec Code Overflow 2021-01-26 2021-04-02
6.8
None Remote Medium Not required Partial Partial Partial
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
9 CVE-2020-15389 416 2020-06-29 2021-04-02
5.8
None Remote Medium Not required Partial None Partial
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
10 CVE-2020-6851 787 Overflow 2020-01-13 2021-04-02
5.0
None Remote Low Not required None None Partial
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
11 CVE-2018-21010 787 Overflow 2019-09-05 2021-01-28
6.8
None Remote Medium Not required Partial Partial Partial
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
12 CVE-2018-20847 190 Overflow 2019-06-26 2020-09-09
6.8
None Remote Medium Not required Partial Partial Partial
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
13 CVE-2018-20846 20 DoS 2019-06-26 2020-09-09
4.3
None Remote Medium Not required None None Partial
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
14 CVE-2018-20845 369 DoS 2019-06-26 2020-09-09
4.3
None Remote Medium Not required None None Partial
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
15 CVE-2018-14423 369 DoS 2018-07-19 2020-09-09
5.0
None Remote Low Not required None None Partial
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
16 CVE-2017-14164 119 DoS Exec Code Overflow 2017-09-06 2021-02-02
6.8
None Remote Medium Not required Partial Partial Partial
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.
17 CVE-2017-14039 787 DoS Overflow 2017-08-30 2021-02-02
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
18 CVE-2017-12982 119 DoS Overflow 2017-08-21 2021-02-02
4.3
None Remote Medium Not required None None Partial
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
19 CVE-2016-10507 190 DoS Overflow 2017-08-30 2020-09-09
4.3
None Remote Medium Not required None None Partial
Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.
20 CVE-2016-10506 369 DoS 2017-08-30 2020-09-09
4.3
None Remote Medium Not required None None Partial
Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
21 CVE-2016-10505 476 DoS 2017-08-30 2020-09-09
4.3
None Remote Medium Not required None None Partial
NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
22 CVE-2016-10504 119 DoS Overflow 2017-08-30 2020-09-09
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.
23 CVE-2016-9675 119 Exec Code Overflow 2016-12-22 2021-01-26
6.8
None Remote Medium Not required Partial Partial Partial
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
24 CVE-2016-7445 476 DoS 2016-10-03 2020-09-09
5.0
None Remote Low Not required None None Partial
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
25 CVE-2016-7163 125 Exec Code Overflow 2016-09-21 2021-01-26
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
26 CVE-2016-4797 369 DoS 2017-02-03 2020-09-09
4.3
None Remote Medium Not required None None Partial
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
27 CVE-2016-4796 119 DoS Overflow 2017-02-03 2020-09-09
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.
28 CVE-2016-3183 125 DoS 2017-02-03 2020-09-09
4.3
None Remote Medium Not required None None Partial
The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.
29 CVE-2016-3182 119 DoS Overflow Mem. Corr. 2020-02-20 2020-02-25
4.3
None Remote Medium Not required None None Partial
The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.
30 CVE-2016-1924 119 DoS Overflow 2016-01-27 2020-09-09
4.3
None Remote Medium Not required None None Partial
The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
31 CVE-2015-8871 416 2016-09-21 2020-09-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
32 CVE-2014-0158 119 DoS Overflow 2018-04-10 2020-09-09
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS."
33 CVE-2013-6054 119 Overflow 2013-12-12 2020-09-09
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.
34 CVE-2013-6052 200 +Info 2013-12-12 2020-09-09
5.0
None Remote Low Not required Partial None None
OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
35 CVE-2013-6045 119 Exec Code Overflow 2013-12-12 2020-09-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.
36 CVE-2013-4290 119 Overflow 2014-04-18 2020-09-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.
37 CVE-2013-4289 189 Overflow 2014-04-18 2020-09-09
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.
38 CVE-2013-1447 DoS 2013-12-12 2020-09-09
5.0
None Remote Low Not required None None Partial
OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.
39 CVE-2012-3535 119 DoS Exec Code Overflow 2012-09-05 2020-09-09
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.
40 CVE-2012-1499 119 Exec Code Overflow Mem. Corr. 2012-04-11 2020-09-09
9.3
None Remote Medium Not required Complete Complete Complete
The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."
Total number of vulnerabilities : 40   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.