Openjpeg
by Uclouvain
CVEs (68)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1239 | | Med | 0.42 | 6.5 | 0.01 | | Oct 18, 2017 | Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. |
| CVE-2016-10505 | | Med | 0.42 | 6.5 | 0.02 | | Aug 30, 2017 | NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service… |
| CVE-2016-9117 | | Med | 0.42 | 6.5 | 0.02 | | Oct 30, 2016 | NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. |
| CVE-2016-9116 | | Med | 0.42 | 6.5 | 0.02 | | Oct 30, 2016 | NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. |
| CVE-2016-9115 | | Med | 0.42 | 6.5 | 0.02 | | Oct 30, 2016 | Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. |
| CVE-2016-1923 | | Med | 0.42 | 6.5 | 0.02 | | Jan 27, 2016 | Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. |
| CVE-2016-10504 | | Med | 0.39 | 6.5 | 0.08 | | Aug 30, 2017 | Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. |
| CVE-2018-6616 | | Med | 0.36 | 5.5 | 0.02 | | Feb 4, 2018 | In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. |
| CVE-2016-10506 | | Med | 0.36 | 6.5 | 0.03 | | Aug 30, 2017 | Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. |
| CVE-2017-12982 | | Med | 0.36 | 5.5 | 0.03 | | Aug 21, 2017 | The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to… |
| CVE-2016-4797 | | Med | 0.36 | 5.5 | 0.02 | | Feb 3, 2017 | Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. |
| CVE-2016-4796 | | Med | 0.36 | 5.5 | 0.04 | | Feb 3, 2017 | Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. |
| CVE-2016-3183 | | Med | 0.36 | 5.5 | 0.03 | | Feb 3, 2017 | The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. |
| CVE-2016-10507 | | Med | 0.35 | 6.5 | 0.02 | | Aug 30, 2017 | Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. |
| CVE-2016-9118 | | Med | 0.35 | 5.3 | 0.03 | | Oct 30, 2016 | Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. |
| CVE-2024-56827 | | Med | 0.29 | 5.6 | 0.00 | | Jan 9, 2025 | A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. |
| CVE-2024-56826 | | Med | 0.29 | 5.6 | 0.00 | | Jan 9, 2025 | A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. |
| CVE-2026-6192 | | Low | 0.14 | 3.3 | 0.00 | | Apr 13, 2026 | A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and… |
| CVE-2012-3358 | | | 0.01 | — | 0.08 | | Jul 18, 2012 | Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file. |
| CVE-2025-50952 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. |
Page 2 of 4