VYPR

Openjpeg

by Uclouvain

CVEs (68)

  • CVE-2015-1239 | Med | Oct 18, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.

  • CVE-2016-10505 | Med | Aug 30, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service…

  • CVE-2016-9117 | Med | Oct 30, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

  • CVE-2016-9116 | Med | Oct 30, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

  • CVE-2016-9115 | Med | Oct 30, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

  • CVE-2016-1923 | Med | Jan 27, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

  • CVE-2016-10504 | Med | Aug 30, 2017
    risk 0.39 | cvss 6.5 | epss 0.08

    Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.

  • CVE-2018-6616 | Med | Feb 4, 2018
    risk 0.36 | cvss 5.5 | epss 0.02

    In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

  • CVE-2016-10506 | Med | Aug 30, 2017
    risk 0.36 | cvss 6.5 | epss 0.03

    Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

  • CVE-2017-12982 | Med | Aug 21, 2017
    risk 0.36 | cvss 5.5 | epss 0.03

    The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to…

  • CVE-2016-4797 | Med | Feb 3, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.

  • CVE-2016-4796 | Med | Feb 3, 2017
    risk 0.36 | cvss 5.5 | epss 0.04

    Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

  • CVE-2016-3183 | Med | Feb 3, 2017
    risk 0.36 | cvss 5.5 | epss 0.03

    The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.

  • CVE-2016-10507 | Med | Aug 30, 2017
    risk 0.35 | cvss 6.5 | epss 0.02

    Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.

  • CVE-2016-9118 | Med | Oct 30, 2016
    risk 0.35 | cvss 5.3 | epss 0.03

    Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.

  • CVE-2024-56827 | Med | Jan 9, 2025
    risk 0.29 | cvss 5.6 | epss 0.00

    A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

  • CVE-2024-56826 | Med | Jan 9, 2025
    risk 0.29 | cvss 5.6 | epss 0.00

    A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

  • CVE-2026-6192 | Low | Apr 13, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and…

  • CVE-2012-3358 | Jul 18, 2012
    risk 0.01 | cvss | epss 0.08

    Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.

  • CVE-2025-50952 | Aug 7, 2025
    risk 0.00 | cvss | epss 0.00

    openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.