The Openjpeg Project Openjpeg2 vulnerabilities
67 known vulnerabilities affecting the_openjpeg_project/openjpeg2.
Total CVEs: 67
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 27, MEDIUM 36
Vulnerabilities
Page 4 of 4
CVE-2024-56827 | P4 | MEDIUM | CVSS 5.6 | Affected: ≥ 0, < 2.4.0-3+deb11u1; ≥ 0, < 2.5.0-2+deb12u1; +1 more | 2025-01-09
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
Source: osv

CVE-2019-12973 | P4 | MEDIUM | CVSS 5.5 | Affected: ≥ 0, < 2.4.0-1 | 2019-06-26
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
Source: osv

CVE-2022-1122 | P4 | MEDIUM | CVSS 5.5 | Affected: ≥ 0, < 2.4.0-3+deb11u1; ≥ 0, < 2.5.0-1 | 2022-03-29
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
Source: osv

CVE-2018-6616 | P4 | MEDIUM | CVSS 5.5 | Affected: ≥ 0, < 2.3.0-2 | 2018-02-04
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Source: osv

CVE-2016-3182 | P4 | MEDIUM | CVSS 5.5 | Affected: ≥ 0, < 2.1.1-1 | 2020-02-20
The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.
Source: osv

CVE-2016-1626 | P4 | MEDIUM | CVSS 4.3 | Affected: ≥ 0, < 2.1.2-1.2 | 2016-02-14
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
Source: osv

CVE-2016-4797 | P4 | MEDIUM | CVSS 5.0 | Affected: ≥ 0, < 2.1.1-1 | 2017-02-03
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
Source: osv