The Openjpeg Project Openjpeg2 vulnerabilities

CVE-2017-14041 [HIGH] CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

CVE-2017-14040 [HIGH] CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.

CVE-2016-10507 [MEDIUM] CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function in convertbmp Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.

CVE-2016-10506 [MEDIUM] CVE-2016-10506: Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

CVE-2016-10504 [MEDIUM] CVE-2016-10504: Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.

CVE-2017-12982 [MEDIUM] CVE-2017-12982: The bmp_read_info_header function in bin/jp2/convertbmp The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.

CVE-2016-4796 [MEDIUM] CVE-2016-4796: Heap-based buffer overflow in the color_cmyk_to_rgb in common/color Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

CVE-2016-3183 [MEDIUM] CVE-2016-3183: The sycc422_t_rgb function in common/color The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.

CVE-2016-4797 [MEDIUM] CVE-2016-4797: Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.

CVE-2016-9118 [MEDIUM] CVE-2016-9118: Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.

CVE-2016-9112 [HIGH] CVE-2016-9112: Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.

CVE-2016-8332 [HIGH] CVE-2016-8332: A buffer overflow in OpenJPEG 2 A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a maliciou

CVE-2016-7445 [HIGH] CVE-2016-7445: convert convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

CVE-2015-8871 [CRITICAL] CVE-2015-8871: Use-after-free vulnerability in the opj_j2k_write_mco function in j2k Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

CVE-2016-7163 [HIGH] CVE-2016-7163: Integer overflow in the opj_pi_create_decode function in pi Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

CVE-2016-5158 [HIGH] CVE-2016-5158: Multiple integer overflows in the opj_tcd_init_tile function in tcd Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.

CVE-2016-5152 [HIGH] CVE-2016-5152: Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.

CVE-2016-5157 [HIGH] CVE-2016-5157: Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.

CVE-2016-5159 [HIGH] CVE-2016-5159: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53 Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.

CVE-2016-5139 [HIGH] CVE-2016-5139: Multiple integer overflows in the opj_tcd_init_tile function in tcd Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.