Search CVE reports


Toggle filters

31 – 40 of 74 results


CVE-2016-9572

Medium priority

Some fixes available 1 of 6

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could...

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not in release Not in release Ignored
openjpeg2 Not affected Not affected Not affected Fixed
Show less packages

CVE-2016-9581

Medium priority
Ignored

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not in release Not in release Ignored
openjpeg2 Not affected Not affected Not affected Not affected
Show less packages

CVE-2016-9573

Medium priority

Some fixes available 1 of 6

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data...

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not in release Not in release Ignored
openjpeg2 Not affected Not affected Not affected Fixed
Show less packages

CVE-2018-14423

Low priority

Some fixes available 2 of 5

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not in release Not in release Not affected
openjpeg2 Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-7648

Medium priority
Not affected

An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not affected
openjpeg2 Not affected
Show less packages

CVE-2018-6616

Medium priority

Some fixes available 2 of 4

In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not affected
openjpeg2 Fixed Fixed
Show less packages

CVE-2018-5785

Medium priority

Some fixes available 2 of 4

In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a...

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not affected
openjpeg2 Fixed Fixed
Show less packages

CVE-2018-5727

Negligible priority

Some fixes available 4 of 10

In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

3 affected packages

ghostscript, openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected Not affected Fixed Fixed
openjpeg Not in release Not in release Not in release Ignored
openjpeg2 Not affected Not affected Fixed Fixed
Show less packages

CVE-2017-17479

Medium priority

Some fixes available 3 of 8

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not in release Not in release Not in release Fixed
openjpeg2 Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2017-17480

Medium priority

Some fixes available 2 of 6

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not in release Not in release Not affected
openjpeg2 Not affected Not affected Fixed Fixed
Show less packages