cbcvebase.

The Openjpeg Project Openjpeg2 vulnerabilities

67 known vulnerabilities affecting the_openjpeg_project/openjpeg2.

Total CVEs
67
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH27MEDIUM36

Vulnerabilities

Page 3 of 4
CVE-2016-10507P4MEDIUMCVSS 6.5≥ 0, < 2.1.2-12017-08-30
CVE-2016-10507 [MEDIUM] CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function in convertbmp Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.
osv
CVE-2016-4796P4MEDIUMCVSS 5.5≥ 0, < 2.1.1-12017-02-03
CVE-2016-4796 [MEDIUM] CVE-2016-4796: Heap-based buffer overflow in the color_cmyk_to_rgb in common/color Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.
osv
CVE-2018-5785P4MEDIUMCVSS 6.5≥ 0, < 2.3.0-22018-01-19
CVE-2018-5785 [MEDIUM] CVE-2018-5785: In OpenJPEG 2 In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
osv
CVE-2018-18088P4MEDIUMCVSS 6.5≥ 0, < 2.3.0-22018-10-09
CVE-2018-18088 [MEDIUM] CVE-2018-18088: OpenJPEG 2 OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c
osv
CVE-2018-5727P4MEDIUMCVSS 6.5≥ 0, < 2.3.1-12018-01-16
CVE-2018-5727 [MEDIUM] CVE-2018-5727: In OpenJPEG 2 In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
osv
CVE-2020-27843P4MEDIUMCVSS 5.5≥ 0, < 2.4.0-12021-01-05
CVE-2020-27843 [MEDIUM] CVE-2020-27843: A flaw was found in OpenJPEG in versions prior to 2 A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.
osv
CVE-2020-27824P4MEDIUMCVSS 5.5≥ 0, < 2.4.0-12021-05-13
CVE-2020-27824 [MEDIUM] CVE-2020-27824: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
osv
CVE-2016-10506P4MEDIUMCVSS 6.5≥ 0, < 2.2.0-12017-08-30
CVE-2016-10506 [MEDIUM] CVE-2016-10506: Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
osv
CVE-2015-1239P4MEDIUMCVSS 6.5≥ 0, < 2.1.1-12017-10-18
CVE-2015-1239 [MEDIUM] CVE-2015-1239: Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cau Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.
osv
CVE-2016-3183P4MEDIUMCVSS 5.5≥ 0, < 2.1.1-12017-02-03
CVE-2016-3183 [MEDIUM] CVE-2016-3183: The sycc422_t_rgb function in common/color The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.
osv
CVE-2021-29338P4MEDIUMCVSS 5.5≥ 0, < 2.1.2-1.1+deb9u6ubuntu0.1~esm6≥ 0, < 2.3.0-2+deb10u2ubuntu0.1~esm3+3 more2024-11-05
CVE-2021-29338 [MEDIUM] openjpeg2 vulnerabilities openjpeg2 vulnerabilities It was discovered that OpenJPEG incorrectly handled certain memory operations when using the command line "-ImgDir" in a directory with a large number of files, leading to an integer overflow vulnerability. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-29338) It was discovered that
osv
CVE-2018-20845P4MEDIUMCVSS 6.5≥ 0, < 2.3.1-12019-06-26
CVE-2018-20845 [MEDIUM] CVE-2018-20845: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
osv
CVE-2018-20846P4MEDIUMCVSS 6.5≥ 0, < 2.3.1-12019-06-26
CVE-2018-20846 [MEDIUM] CVE-2018-20846: Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
osv
CVE-2017-12982P4MEDIUMCVSS 5.5≥ 0, < 2.3.0-12017-08-21
CVE-2017-12982 [MEDIUM] CVE-2017-12982: The bmp_read_info_header function in bin/jp2/convertbmp The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
osv
CVE-2020-27845P4MEDIUMCVSS 5.5≥ 0, < 2.4.0-12021-01-05
CVE-2020-27845 [MEDIUM] CVE-2020-27845: There's a flaw in src/lib/openjp2/pi There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.
osv
CVE-2020-27841P4MEDIUMCVSS 5.5≥ 0, < 2.4.0-12021-01-05
CVE-2020-27841 [MEDIUM] CVE-2020-27841: There's a flaw in openjpeg in versions prior to 2 There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.
osv
CVE-2014-7945P4MEDIUMCVSS 5.0≥ 0, < 2.1.2-1.1+deb9u2build0.12015-01-22
CVE-2014-7945 [MEDIUM] CVE-2014-7945: OpenJPEG before r2908, as used in PDFium in Google Chrome before 40 OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.
osv
CVE-2014-7947P4MEDIUMCVSS 5.0≥ 0, < 2.1.1-12015-01-22
CVE-2014-7947 [MEDIUM] CVE-2014-7947: OpenJPEG before r2944, as used in PDFium in Google Chrome before 40 OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.
osv
CVE-2020-27842P4MEDIUMCVSS 5.5≥ 0, < 2.4.0-12021-01-05
CVE-2020-27842 [MEDIUM] CVE-2020-27842: There's a flaw in openjpeg's t2 encoder in versions prior to 2 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
osv
CVE-2024-56826P4MEDIUMCVSS 5.6≥ 0, < 2.4.0-3+deb11u1≥ 0, < 2.5.0-2+deb12u1+1 more2025-01-09
CVE-2024-56826 [MEDIUM] CVE-2024-56826: A flaw was found in the OpenJPEG project A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
osv
The Openjpeg Project Openjpeg2 vulnerabilities | cvebase