CVE search results

31 – 40 of 79 results

Detailed view

Sort by:

CVE-2019-6988

Low priority

Vulnerable

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c,...

3 affected packages

openjpeg, openjpeg2, ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg	Not in release	Not in release	Not in release	Not in release
openjpeg2	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ghostscript	Not affected	Not affected	Not affected	Vulnerable

CVE-2018-18088

Medium priority

Some fixes available 3 of 5

OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

2 affected packages

openjpeg2, openjpeg

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	Not affected	Not affected	Not affected	Fixed
openjpeg	Not in release	—	Not in release	Not in release

CVE-2018-16376

Low priority

Ignored

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of...

2 affected packages

openjpeg2, openjpeg

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	—	—	Not affected	Not affected
openjpeg	—	—	Not in release	Not in release

CVE-2018-16375

Medium priority

Some fixes available 1 of 4

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

2 affected packages

openjpeg2, openjpeg

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	—	—	Not affected	Fixed
openjpeg	—	—	Not in release	Not in release

CVE-2016-9580

Medium priority

Ignored

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

2 affected packages

openjpeg2, openjpeg

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	—	Not affected	Not affected	Not affected
openjpeg	—	Not in release	Not in release	Not in release

CVE-2016-9572

Medium priority

Some fixes available 1 of 6

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could...

2 affected packages

openjpeg, openjpeg2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg	—	Not in release	Not in release	Not in release
openjpeg2	—	Not affected	Not affected	Not affected

CVE-2016-9581

Medium priority

Ignored

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

2 affected packages

openjpeg, openjpeg2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg	—	Not in release	Not in release	Not in release
openjpeg2	—	Not affected	Not affected	Not affected

CVE-2016-9573

Medium priority

Some fixes available 1 of 6

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data...

2 affected packages

openjpeg, openjpeg2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg	—	Not in release	Not in release	Not in release
openjpeg2	—	Not affected	Not affected	Not affected

CVE-2018-14423

Low priority

Some fixes available 2 of 5

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

2 affected packages

openjpeg, openjpeg2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg	—	Not in release	Not in release	Not in release
openjpeg2	—	Not affected	Not affected	Fixed

CVE-2018-7648

Medium priority

Not affected

An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.

2 affected packages

openjpeg, openjpeg2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg	—	—	—	—
openjpeg2	—	—	—	—

Export to JSON

Results by page:

Search CVE reports