The Openjpeg Project Openjpeg2 vulnerabilities

67 known vulnerabilities affecting the_openjpeg_project/openjpeg2.

Total CVEs: 67
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 27, MEDIUM 36

Vulnerabilities

Page 4 of 4
CVE-2016-1628 | MEDIUM | CVSS 6.3 | ≥ 0, < 2.1.2-1.2 | 2016-02-21
pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.
osv
CVE-2016-1626 | MEDIUM | CVSS 4.3 | ≥ 0, < 2.1.2-1.2 | 2016-02-14
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
osv
CVE-2016-1923 | MEDIUM | CVSS 6.5 | ≥ 0, < 2.1.1-1 | 2016-01-27
Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
osv
CVE-2016-1924 | MEDIUM | CVSS 6.5 | ≥ 0, < 2.1.1-1 | 2016-01-27
The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
osv
CVE-2015-6581 | HIGH | CVSS 7.5 | ≥ 0, < 2.1.1-1 | 2015-09-03
Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.
osv
CVE-2014-7947 | MEDIUM | CVSS 5.0 | ≥ 0, < 2.1.1-1 | 2015-01-22
OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.
osv
CVE-2014-7945 | MEDIUM | CVSS 5.0 | ≥ 0, < 2.1.2-1.1+deb9u2build0.1 | 2015-01-22
OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.
osv