apk package
chainguard/openjpeg-tools
pkg:apk/chainguard/openjpeg-tools
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54874 | — | | | < 2.5.3-r2 | 2.5.3-r2 | Aug 5, 2025 | OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized. |
| CVE-2023-39329 | — | | | < 2.5.4-r0 | 2.5.4-r0 | Jul 13, 2024 | A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service. |
| CVE-2023-39327 | — | | | < 2.5.4-r0 | 2.5.4-r0 | Jul 13, 2024 | A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. |
| CVE-2023-39328 | — | | | < 2.5.4-r0 | 2.5.4-r0 | Jul 9, 2024 | A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file. |
| CVE-2015-1239 | Med | 6.5 | | < 0 | 0 | Oct 18, 2017 | Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. |