Uclouvain Openjpeg vulnerabilities

83 known vulnerabilities affecting uclouvain/openjpeg.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL8HIGH30MEDIUM45

Vulnerabilities

Page 4 of 5

CVE-2016-9115MEDIUMCVSS 6.5v2.1.22016-10-30

CVE-2016-9115 [MEDIUM] CWE-119 CVE-2016-9115: Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Deni Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

nvd

CVE-2016-9117MEDIUMCVSS 6.5v2.1.22016-10-30

CVE-2016-9117 [MEDIUM] CWE-476 CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denia NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

nvd

CVE-2016-9116MEDIUMCVSS 6.5v2.1.22016-10-30

CVE-2016-9116 [MEDIUM] CWE-476 CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denia NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

nvd

CVE-2016-9118MEDIUMCVSS 5.3v2.1.22016-10-30

CVE-2016-9118 [MEDIUM] CWE-119 CVE-2016-9118: Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.

nvd

CVE-2016-9112HIGHCVSS 7.5v2.1.22016-10-29

CVE-2016-9112 [HIGH] CWE-369 CVE-2016-9112: Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:52 Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.

nvd

CVE-2016-8332HIGHCVSS 7.8v2.1.12016-10-28

CVE-2016-8332 [HIGH] CWE-119 CVE-2016-8332: A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code

nvd

CVE-2016-7445HIGHCVSS 7.5≤ 2.1.12016-10-03

CVE-2016-7445 [HIGH] CWE-476 CVE-2016-7445: convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointe convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

nvdosv

CVE-2015-8871CRITICALCVSS 9.8≤ 2.1.02016-09-21

CVE-2015-8871 [CRITICAL] CWE-416 CVE-2015-8871: Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 all Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

nvd

CVE-2016-7163HIGHCVSS 7.8fixed in 2.2.02016-09-21

CVE-2016-7163 [HIGH] CWE-190 CVE-2016-7163: Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

nvd

CVE-2016-1924MEDIUMCVSS 6.5≤ 2.1.02016-01-27

CVE-2016-1924 [MEDIUM] CWE-119 CVE-2016-1924: The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of servic The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

nvd

CVE-2016-1923MEDIUMCVSS 6.5v2.1.02016-01-27

CVE-2016-1923 [MEDIUM] CWE-119 CVE-2016-1923: Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows re Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

nvd

CVE-2013-6053MEDIUMCVSS 5.0v1.5.12014-04-27

CVE-2013-6053 [MEDIUM] CWE-20 CVE-2013-6053: OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

nvd

CVE-2013-6887MEDIUMCVSS 6.4v1.5.12014-04-27

CVE-2013-6887 [MEDIUM] CWE-20 CVE-2013-6887: OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that tri OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.

nvd

CVE-2013-4290CRITICALCVSS 10.0≤ 1.5.1v1.3+2 more2014-04-18

CVE-2013-4290 [CRITICAL] CWE-119 CVE-2013-4290: Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified imp Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.

nvd

CVE-2013-4289CRITICALCVSS 10.0≤ 1.5.1v1.3+2 more2014-04-18

CVE-2013-4289 [CRITICAL] CWE-189 CVE-2013-4289: Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.

nvd

CVE-2013-6054HIGHCVSS 7.5≤ 1.32013-12-12

CVE-2013-6054 [HIGH] CVE-2013-6054: Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vu Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.

nvdosv

CVE-2013-6045HIGHCVSS 7.5≤ 1.32013-12-12

CVE-2013-6045 [HIGH] CWE-119 CVE-2013-6045: Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to exe Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.

nvdosv

CVE-2013-6052MEDIUMCVSS 5.0≤ 1.32013-12-12

CVE-2013-6052 [MEDIUM] CWE-200 CVE-2013-6052: OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vec OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

nvdosv

CVE-2013-1447MEDIUMCVSS 5.0≤ 1.32013-12-12

CVE-2013-1447 [MEDIUM] CVE-2013-1447: OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.

nvdosv

CVE-2012-3535MEDIUMCVSS 6.8≤ 1.5v1.3+1 more2012-09-05

CVE-2012-3535 [MEDIUM] CWE-119 CVE-2012-3535: Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial o Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

nvd

← Previous4 / 5Next →