opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
Max CVSS
8.8
EPSS Score
1.28%
Published
2020-01-28
Updated
2021-04-02
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
Max CVSS
7.5
EPSS Score
1.24%
Published
2020-01-13
Updated
2022-04-29
The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.
Max CVSS
5.5
EPSS Score
0.10%
Published
2020-02-20
Updated
2020-09-09
3 vulnerabilities found