Uclouvain Openjpeg vulnerabilities

CVE-2020-6851 [HIGH] CWE-787 CVE-2020-6851: OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

CVE-2018-21010 [HIGH] CWE-787 CVE-2018-21010: OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.

CVE-2018-20847 [HIGH] CWE-190 CVE-2018-20847: An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.

CVE-2019-12973 [MEDIUM] CVE-2019-12973: In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

CVE-2018-20846 [MEDIUM] CWE-20 CVE-2018-20846: Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_n Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

CVE-2018-20845 [MEDIUM] CWE-369 CVE-2018-20845: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in op Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

CVE-2019-6988 [MEDIUM] CWE-770 CVE-2019-6988: An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service ( An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

CVE-2018-18088 [MEDIUM] CWE-476 CVE-2018-18088: OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

CVE-2018-16376 [HIGH] CWE-787 CVE-2018-16376: An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the functi An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

CVE-2018-16375 [HIGH] CWE-787 CVE-2018-16375: An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.wid An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

CVE-2016-9581 [HIGH] CWE-122 CVE-2016-9581: An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

CVE-2016-9580 [HIGH] CWE-122 CVE-2016-9580: An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in h An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

CVE-2016-9573 [HIGH] CWE-125 CVE-2016-9573: An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Convertin An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

CVE-2016-9572 [MEDIUM] CWE-476 CVE-2016-9572: A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Du A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.

CVE-2018-14423 [HIGH] CWE-369 CVE-2018-14423: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in li Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

CVE-2014-0158 [HIGH] CVE-2014-0158: Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicat

CVE-2018-7648 [CRITICAL] CWE-119 CVE-2018-7648: An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checke An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.

CVE-2018-6616 [MEDIUM] CWE-400 CVE-2018-6616: In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

CVE-2018-5785 [MEDIUM] CWE-190 CVE-2018-5785: In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

CVE-2018-5727 [MEDIUM] CWE-190 CVE-2018-5727: In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (o In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.