Search CVE reports


Toggle filters

41 – 50 of 74 results


CVE-2015-1239

Medium priority
Fixed

Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not in release Not in release Not affected
openjpeg2 Not affected Not affected Not affected Fixed
Show less packages

CVE-2017-14164

Low priority

Some fixes available 1 of 3

A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting...

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not affected
openjpeg2 Not affected Fixed
Show less packages

CVE-2017-14152

Medium priority

Some fixes available 2 of 3

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow...

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not affected
openjpeg2 Not affected Fixed
Show less packages

CVE-2017-14151

Medium priority

Some fixes available 3 of 4

An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer...

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not affected
openjpeg2 Fixed Fixed
Show less packages

CVE-2017-14041

Medium priority

Some fixes available 6 of 7

A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not affected
openjpeg2 Fixed Fixed
Show less packages

CVE-2017-14040

Medium priority

Some fixes available 6 of 7

An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not affected
openjpeg2 Fixed Fixed
Show less packages

CVE-2017-14039

Medium priority

Some fixes available 6 of 7

A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or...

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not affected
openjpeg2 Fixed Fixed
Show less packages

CVE-2016-10507

Medium priority

Some fixes available 1 of 3

Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not affected
openjpeg2 Not affected Fixed
Show less packages

CVE-2016-10506

Medium priority

Some fixes available 2 of 5

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

3 affected packages

ghostscript, openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected Not affected Not affected Not affected Not affected
openjpeg Not in release Not in release Not in release Not in release Fixed
openjpeg2 Not affected Not affected Not affected Not affected Fixed
Show less packages

CVE-2016-10505

Medium priority
Ignored

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow...

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not affected
openjpeg2 Not affected Not affected
Show less packages