Openjpeg
by Uclouvain
CVEs (38)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-1924 | Med | 0.42 | 6.5 | 0.01 | | Jan 27, 2016 | The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. |
| CVE-2016-1923 | Med | 0.42 | 6.5 | 0.01 | | Jan 27, 2016 | Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. |
| CVE-2017-12982 | Med | 0.36 | 5.5 | 0.00 | | Aug 21, 2017 | The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. |
| CVE-2016-9118 | Med | 0.34 | 5.3 | 0.01 | | Oct 30, 2016 | Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. |
| CVE-2026-6192 | Low | 0.21 | 3.3 | 0.00 | | Apr 13, 2026 | A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue. |
| CVE-2013-6045 | | 0.01 | — | 0.08 | | Dec 12, 2013 | Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2025-54874 | | 0.00 | — | 0.00 | | Aug 5, 2025 | OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized. |
| CVE-2013-6053 | | 0.00 | — | 0.00 | | Apr 27, 2014 | OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. |
| CVE-2013-6887 | | 0.00 | — | 0.00 | | Apr 27, 2014 | OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. |
| CVE-2013-4290 | | 0.00 | — | 0.01 | | Apr 18, 2014 | Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c. |
| CVE-2013-4289 | | 0.00 | — | 0.02 | | Apr 18, 2014 | Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow. |
| CVE-2013-6054 | | 0.00 | — | 0.01 | | Dec 12, 2013 | Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045. |
| CVE-2013-6052 | | 0.00 | — | 0.00 | | Dec 12, 2013 | OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. |
| CVE-2013-1447 | | 0.00 | — | 0.01 | | Dec 12, 2013 | OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors. |
| CVE-2012-3535 | | 0.00 | — | 0.05 | | Sep 5, 2012 | Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. |
| CVE-2012-3358 | | 0.00 | — | 0.05 | | Jul 18, 2012 | Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file. |
| CVE-2009-5030 | | 0.00 | — | 0.05 | | Jul 18, 2012 | The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free." |
| CVE-2012-1499 | | 0.00 | — | 0.04 | | Apr 11, 2012 | The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write." |