VYPR

apk package

chainguard/openjpeg-tools

pkg:apk/chainguard/openjpeg-tools

Vulnerabilities (5)

  • CVE-2025-54874Aug 5, 2025
    affected < 2.5.3-r2fixed 2.5.3-r2

    OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.

  • CVE-2023-39329Jul 13, 2024
    affected < 2.5.4-r0fixed 2.5.4-r0

    A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.

  • CVE-2023-39327Jul 13, 2024
    affected < 2.5.4-r0fixed 2.5.4-r0

    A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

  • CVE-2023-39328Jul 9, 2024
    affected < 2.5.4-r0fixed 2.5.4-r0

    A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.

  • CVE-2015-1239MedOct 18, 2017
    affected < 0fixed 0

    Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.