IDCVSSSummaryLast (major) updatePublished
CVE-2018-7648 7.5
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.
02-03-2018 - 11:29 02-03-2018 - 11:29
CVE-2018-6616 4.3
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
04-02-2018 - 17:29 04-02-2018 - 17:29
CVE-2018-5785 4.3
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
19-01-2018 - 03:29 19-01-2018 - 03:29
CVE-2018-5727 4.3
In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
16-01-2018 - 17:29 16-01-2018 - 17:29
CVE-2017-17480 7.5
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
08-12-2017 - 14:29 08-12-2017 - 14:29
CVE-2017-17479 7.5
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
08-12-2017 - 14:29 08-12-2017 - 14:29
CVE-2015-1239 4.3
Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.
18-10-2017 - 13:29 18-10-2017 - 13:29
CVE-2017-14164 6.8
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE i
06-09-2017 - 14:29 06-09-2017 - 14:29
CVE-2017-14152 6.8
A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write
05-09-2017 - 12:29 05-09-2017 - 12:29
CVE-2017-14151 6.8
An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_m
05-09-2017 - 12:29 05-09-2017 - 12:29
CVE-2017-14041 6.8
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
30-08-2017 - 18:29 30-08-2017 - 18:29
CVE-2017-14040 6.8
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
30-08-2017 - 18:29 30-08-2017 - 18:29
CVE-2017-14039 6.8
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
30-08-2017 - 18:29 30-08-2017 - 18:29
CVE-2016-10507 4.3
Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.
30-08-2017 - 05:29 30-08-2017 - 05:29
CVE-2016-10506 4.3
Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
30-08-2017 - 05:29 30-08-2017 - 05:29
CVE-2016-10505 4.3
NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to ca
30-08-2017 - 05:29 30-08-2017 - 05:29
CVE-2016-10504 4.3
Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.
30-08-2017 - 05:29 30-08-2017 - 05:29
CVE-2017-12982 4.3
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib
21-08-2017 - 03:29 21-08-2017 - 03:29
CVE-2016-4797 4.3
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for
07-02-2017 - 15:28 03-02-2017 - 11:59
CVE-2016-4796 4.3
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.
07-02-2017 - 14:41 03-02-2017 - 11:59
CVE-2016-3183 4.3
The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.
07-02-2017 - 13:56 03-02-2017 - 11:59
CVE-2013-4289 10.0
Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.
02-01-2017 - 21:59 18-04-2014 - 10:55
CVE-2013-4290 10.0
Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.
30-12-2016 - 21:59 18-04-2014 - 10:55
CVE-2016-9675 6.8
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
23-12-2016 - 09:44 22-12-2016 - 16:59
CVE-2016-7445 5.0
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
02-12-2016 - 18:19 03-10-2016 - 12:09
CVE-2016-9114 5.0
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
29-11-2016 - 14:15 30-10-2016 - 18:59
CVE-2016-9113 5.0
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
29-11-2016 - 14:15 30-10-2016 - 18:59
CVE-2016-9112 5.0
Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
29-11-2016 - 14:13 29-10-2016 - 06:59
CVE-2016-9118 5.0
Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.
29-11-2016 - 14:12 30-10-2016 - 18:59
CVE-2016-9117 4.3
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
29-11-2016 - 14:12 30-10-2016 - 18:59
CVE-2016-9116 4.3
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
29-11-2016 - 14:12 30-10-2016 - 18:59
CVE-2016-9115 4.3
Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
29-11-2016 - 14:10 30-10-2016 - 18:59
CVE-2016-8332 6.8
A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted
28-11-2016 - 15:40 28-10-2016 - 10:59
CVE-2016-1924 4.3
The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
22-09-2016 - 21:59 27-01-2016 - 15:59
CVE-2016-7163 6.8
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
21-09-2016 - 16:02 21-09-2016 - 10:25
CVE-2015-8871 7.5
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
21-09-2016 - 12:13 21-09-2016 - 10:25
CVE-2016-1923 4.3
Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
22-02-2016 - 18:26 27-01-2016 - 15:59
CVE-2013-6054 7.5
Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.
27-07-2015 - 12:11 12-12-2013 - 13:55
CVE-2013-6045 7.5
Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.
27-07-2015 - 12:10 12-12-2013 - 13:55
CVE-2013-6052 5.0
OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
05-05-2014 - 01:29 12-12-2013 - 13:55
CVE-2013-1447 5.0
OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.
05-05-2014 - 01:20 12-12-2013 - 13:55
CVE-2013-6053 5.0
OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
28-04-2014 - 13:38 27-04-2014 - 18:55
CVE-2013-6887 6.4
OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.
28-04-2014 - 13:35 27-04-2014 - 16:55
CVE-2012-1499 9.3
The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."
03-10-2013 - 14:58 11-04-2012 - 06:39
CVE-2012-3535 6.8
Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.
04-04-2013 - 23:12 05-09-2012 - 19:55
CVE-2009-5030 6.8
The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insuffici
21-07-2012 - 23:09 18-07-2012 - 18:55
CVE-2012-3358 10.0
Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in
19-07-2012 - 12:08 18-07-2012 - 19:55
Back to Top Mark selected
Back to Top