The Openjpeg Project Openjpeg2 vulnerabilities

67 known vulnerabilities affecting the_openjpeg_project/openjpeg2.

Total CVEs: 67
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 27, MEDIUM 36

Vulnerabilities

Page 1 of 4
CVE-2016-10504 | P3 | MEDIUM | CVSS 6.5 | PoC | ≥ 0, < 2.2.0-1 | 2017-08-30
CVE-2016-10504 [MEDIUM]: Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.
osv
CVE-2017-17480 | P3 | CRITICAL | CVSS 9.8 | ≥ 0, < 2.3.0-2build0.18.04.1 | 2019-08-21
CVE-2017-17480 [CRITICAL] openjpeg2 vulnerabilities: It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. (CVE-2017-17480) It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14423) It was discovered that OpenJPEG incorrectly handled certain PNM files
osv
CVE-2017-17479 | P3 | CRITICAL | CVSS 9.8 | ≥ 0, < 2.3.0-2 | 2017-12-08
CVE-2017-17479 [CRITICAL]: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
osv
CVE-2016-5157 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 2.1.2-1 | 2016-09-11
CVE-2016-5157 [HIGH]: Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
osv
CVE-2017-14151 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 2.3.0-1 | 2017-09-05
CVE-2017-14151 [HIGH]: An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution.
osv
CVE-2017-14152 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 2.3.0-1 | 2017-09-05
CVE-2017-14152 [HIGH]: A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.
osv
CVE-2017-14041 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 2.3.0-1 | 2017-08-30
CVE-2017-14041 [HIGH]: A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
osv
CVE-2025-54874 | P3 | MEDIUM | CVSS 6.6 | ≥ 0, < 2.5.3-2.1~deb13u1; ≥ 0, < 2.5.3-2.1 | 2025-08-05
CVE-2025-54874 [MEDIUM]: OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
osv
CVE-2020-8112 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 2.4.0-1 | 2020-01-28
CVE-2020-8112 [HIGH]: opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
osv
CVE-2015-8871 | P3 | CRITICAL | CVSS 9.8 | ≥ 0, < 2.1.1-1 | 2016-09-21
CVE-2015-8871 [CRITICAL]: Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
osv
CVE-2016-7163 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2.1.2-1 | 2016-09-21
CVE-2016-7163 [HIGH]: Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
osv
CVE-2018-7648 | P3 | CRITICAL | CVSS 9.8 | ≥ 0, < 2.3.1-1 | 2018-03-02
CVE-2018-7648 [CRITICAL]: An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.
osv
CVE-2020-6851 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 2.4.0-1 | 2020-01-13
CVE-2020-6851 [HIGH]: OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
osv
CVE-2017-14039 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 2.3.0-1 | 2017-08-30
CVE-2017-14039 [HIGH]: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
osv
CVE-2018-16375 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 2.3.1-1 | 2018-09-03
CVE-2018-16375 [HIGH]: An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
osv
CVE-2016-9580 | P3 | HIGH | CVSS 8.8 | v2.1.2 | 2018-08-01
CVE-2016-9580 [HIGH] CWE-122: An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.
nvd
CVE-2016-9581 | P3 | HIGH | CVSS 8.8 | v2.1.2 | 2018-08-01
CVE-2016-9581 [HIGH] CWE-122: An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.
nvd
CVE-2018-21010 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 2.3.1-1 | 2019-09-05
CVE-2018-21010 [HIGH]: OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
osv
CVE-2018-20847 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 2.3.1-1 | 2019-06-26
CVE-2018-20847 [HIGH]: An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
osv
CVE-2016-5159 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 2.1.2-1 | 2016-09-11
CVE-2016-5159 [HIGH]: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.
osv