Search CVE reports

11 – 20 of 79 results

Detailed view

Sort by:

CVE-2020-27845

Medium priority

Some fixes available 15 of 51

There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest...

7 affected packages

insighttoolkit4, qtwebengine-opensource-src, blender, texmaker, ghostscript...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
insighttoolkit4	Not in release	Vulnerable	Vulnerable	Vulnerable
qtwebengine-opensource-src	Vulnerable	Vulnerable	Vulnerable	Vulnerable
blender	Not affected	Not affected	Not affected	Vulnerable
texmaker	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ghostscript	Not affected	Not affected	Not affected	Fixed
openjpeg	Not in release	Not in release	Not in release	Not in release
openjpeg2	Fixed	Fixed	Fixed	Fixed

CVE-2020-27844

Medium priority

Needs evaluation

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat...

6 affected packages

insighttoolkit4, blender, openjpeg, openjpeg2, qtwebengine-opensource-src, texmaker

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
blender	Not affected	Not affected	Not affected	Not affected
openjpeg	Not in release	Not in release	Not in release	Not in release
openjpeg2	Not affected	Not affected	Not affected	Not affected
qtwebengine-opensource-src	Not affected	Not affected	Not affected	Not affected
texmaker	Not affected	Not affected	Not affected	Not affected

CVE-2020-27843

Low priority

Some fixes available 14 of 64

A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this...

7 affected packages

qtwebengine-opensource-src, texmaker, blender, ghostscript, openjpeg2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Fixed
openjpeg2	Fixed	Fixed	Fixed	Vulnerable
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release

CVE-2020-27842

Medium priority

Some fixes available 15 of 64

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to...

7 affected packages

blender, insighttoolkit4, ghostscript, openjpeg2, qtwebengine-opensource-src...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Fixed
openjpeg2	Fixed	Fixed	Fixed	Fixed
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release

CVE-2020-27841

Low priority

Some fixes available 15 of 27

There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact...

7 affected packages

openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, ghostscript...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	Fixed	Fixed	Fixed	Fixed
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Fixed
openjpeg	Not in release	Not in release	Not in release	Not in release
texmaker	Not affected	Not affected	Not affected	Not affected

CVE-2020-27824

Medium priority

Some fixes available 16 of 64

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this...

7 affected packages

openjpeg2, texmaker, blender, insighttoolkit4, qtwebengine-opensource-src...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	Fixed	Fixed	Fixed	Fixed
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Fixed
openjpeg	Not in release	Not in release	Not in release	Not in release

CVE-2020-27823

Medium priority

Some fixes available 13 of 60

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as...

7 affected packages

texmaker, blender, insighttoolkit4, qtwebengine-opensource-src, ghostscript...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected
openjpeg2	Fixed	Fixed	Fixed	Fixed
openjpeg	Not in release	Not in release	Not in release	Not in release

CVE-2020-27814

Medium priority

Some fixes available 15 of 26

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
blender	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Fixed
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
openjpeg	Not in release	Not in release	Not in release	Not in release
openjpeg2	Fixed	Fixed	Fixed	Fixed
texmaker	Not affected	Not affected	Not affected	Not affected
qtwebengine-opensource-src	Vulnerable	Vulnerable	Vulnerable	Not affected

CVE-2020-15389

Low priority

Fixed

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible....

3 affected packages

openjpeg, ghostscript, openjpeg2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg	—	Not in release	Not in release	Not in release
ghostscript	—	Not affected	Not affected	Not affected
openjpeg2	—	Fixed	Fixed	Fixed

CVE-2016-3182

High priority

Ignored

The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.

2 affected packages

openjpeg2, openjpeg

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	—	—	—	—
openjpeg	—	—	—	Not in release

Export to JSON

Results by page: