Debian Openjpeg2 vulnerabilities
79 known vulnerabilities affecting debian/openjpeg2.
Total CVEs: 79
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 20, MEDIUM 30, LOW 27
Vulnerabilities
Page 4 of 4
CVE-2016-1923 | MEDIUM | CVSS 6.5 | fixed in openjpeg2 2.1.1-1 (bookworm) | 2016
CVE-2016-1923 [MEDIUM] CVE-2016-1923: openjpeg2 - Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg...
Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
Scope: local
bookworm: resolved (fixed in 2.1.1-1)
bullseye: resolved (fixed in 2.1.1-1)
forky: resolved (fixed in 2.1.1-1)
sid: resolved (fixed in
debian
CVE-2016-9573 | MEDIUM | CVSS 6.5 | fixed in openjpeg2 2.1.2-1.1 (bookworm) | 2016
CVE-2016-9573 [MEDIUM] CVE-2016-9573: openjpeg2 - An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_i...
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
Scope: local
bookworm: resolved (fixed in 2.1.2-1.1)
bullseye: resolved (fixed in 2.1.2-1.1)
forky: resolved (fixed in 2.1.2
debian
CVE-2016-4797 | MEDIUM | CVSS 5.0 | fixed in openjpeg2 2.1.1-1 (bookworm) | 2016
CVE-2016-4797 [MEDIUM] CVE-2016-4797: openjpeg2 - Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJ...
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
Scope: local
bookworm: resolved (fixed in 2.1.1-1)
bullseye: resolved (fixed in 2.1.1-1)
forky: resol
debian
CVE-2016-1628 | MEDIUM | CVSS 6.3 | fixed in openjpeg2 2.1.2-1.2 (bookworm) | 2016
CVE-2016-1628 [MEDIUM] CVE-2016-1628: openjpeg2 - pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does ...
pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.
Scope: l
debian
CVE-2016-9581 | LOW | CVSS 3.3 | 2016
CVE-2016-9581 [LOW] CVE-2016-9581: openjpeg2 - An infinite loop vulnerability in tiftoimage that results in heap buffer overflo...
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2016-10505 | LOW | CVSS 6.5 | 2016
CVE-2016-10505 [MEDIUM] CVE-2016-10505: openjpeg2 - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c...
NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
Scope: local
bookworm: open
bullseye: open
fork
debian
CVE-2016-9113 | LOW | CVSS 7.5 | 2016
CVE-2016-9113 [HIGH] CVE-2016-9113: openjpeg2 - There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 o...
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2016-9115 | LOW | CVSS 6.5 | 2016
CVE-2016-9115 [MEDIUM] CVE-2016-9115: openjpeg2 - Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2...
Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2016-9116 | LOW | CVSS 6.5 | 2016
CVE-2016-9116 [MEDIUM] CVE-2016-9116: openjpeg2 - NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2....
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2016-7445 | LOW | CVSS 7.5 | fixed in openjpeg2 2.1.2-1 (bookworm) | 2016
CVE-2016-7445 [HIGH] CVE-2016-7445: openjpeg2 - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of ...
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
Scope: local
bookworm: resolved (fixed in 2.1.2-1)
bullseye: resolved (fixed in 2.1.2-1)
forky: resolved (fixed in 2.1.2-1)
sid: resolved (fixed in 2.1.2-1)
trixie: resolved (fixed in 2.1.2-1)
debian
CVE-2016-10506 | LOW | CVSS 6.5 | fixed in openjpeg2 2.2.0-1 (bookworm) | 2016
CVE-2016-10506 [MEDIUM] CVE-2016-10506: openjpeg2 - Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_...
Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
Scope: local
bookworm: resolved (fixed in 2.2.0-1)
bullseye: resolved (fixed in 2.2.0-1)
forky: resolved (fixed in 2.2.0-1)
sid:
debian
CVE-2016-9117 | LOW | CVSS 6.5 | 2016
CVE-2016-9117 [MEDIUM] CVE-2016-9117: openjpeg2 - NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2....
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2016-9114 | LOW | CVSS 7.5 | 2016
CVE-2016-9114 [HIGH] CVE-2016-9114: openjpeg2 - There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of ...
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2016-9580 | LOW | CVSS 3.3 | 2016
CVE-2016-9580 [LOW] CVE-2016-9580: openjpeg2 - An integer overflow vulnerability was found in tiftoimage function in openjpeg 2...
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2016-3183 | LOW | CVSS 5.5 | fixed in openjpeg2 2.1.1-1 (bookworm) | 2016
CVE-2016-3183 [MEDIUM] CVE-2016-3183: openjpeg2 - The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows rem...
The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.
Scope: local
bookworm: resolved (fixed in 2.1.1-1)
bullseye: resolved (fixed in 2.1.1-1)
forky: resolved (fixed in 2.1.1-1)
sid: resolved (fixed in 2.1.1-1)
trixie: resolved (fixed in 2.1.1-1)
debian
CVE-2015-8871 | CRITICAL | CVSS 9.8 | fixed in openjpeg2 2.1.1-1 (bookworm) | 2015
CVE-2015-8871 [CRITICAL] CVE-2015-8871: openjpeg2 - Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJ...
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
Scope: local
bookworm: resolved (fixed in 2.1.1-1)
bullseye: resolved (fixed in 2.1.1-1)
forky: resolved (fixed in 2.1.1-1)
sid: resolved (fixed in 2.1.1-1)
trixie: resolved (fixed in 2.1.1-1)
debian
CVE-2015-6581 | HIGH | CVSS 7.5 | fixed in openjpeg2 2.1.1-1 (bookworm) | 2015
CVE-2015-6581 [HIGH] CVE-2015-6581: openjpeg2 - Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd functio...
Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.
Scope: local
bookworm: resolved (fixed in 2.1.1-
debian
CVE-2015-1239 | MEDIUM | CVSS 6.5 | fixed in openjpeg2 2.1.1-1 (bookworm) | 2015
CVE-2015-1239 [MEDIUM] CVE-2015-1239: openjpeg2 - Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r29...
Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.
Scope: local
bookworm: resolved (fixed in 2.1.1-1)
bullseye: resolved (fixed in 2.1.1-1)
forky: resolved (fixed in 2.1.1-1)
sid: resolved (fixed in 2.1.1-1)
t
debian
CVE-2014-7947 | MEDIUM | CVSS 5.0 | fixed in openjpeg2 2.1.1-1 (bookworm) | 2014
CVE-2014-7947 [MEDIUM] CVE-2014-7947: openjpeg2 - OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, a...
OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.
Scope: local
bookworm: resolved (fixed in 2.1.1-1)
bullseye: resolved (fixed in 2.1.1-1)
forky: resolved (fixed in 2.1.1-1)
sid: re
debian