VYPR

Vendor CVEs

Uclouvain

All CVEs

68 total · sorted by risk
  • CVE-2016-3182Feb 20, 2020
    risk 0.00cvss epss 0.01

    The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.

  • CVE-2018-21010Sep 5, 2019
    risk 0.00cvss epss 0.02

    OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.

  • CVE-2019-12973Jun 26, 2019
    risk 0.00cvss epss 0.03

    In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

  • CVE-2018-20846Jun 26, 2019
    risk 0.00cvss epss 0.02

    Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

  • CVE-2018-20845Jun 26, 2019
    risk 0.00cvss epss 0.02

    Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

  • CVE-2019-6988Jan 28, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

  • CVE-2018-7648CriMar 2, 2018
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.

  • CVE-2013-6053Apr 27, 2014
    risk 0.00cvss epss 0.02

    OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

  • CVE-2013-6887Apr 27, 2014
    risk 0.00cvss epss 0.02

    OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.

  • CVE-2013-4290Apr 18, 2014
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.

  • CVE-2013-4289Apr 18, 2014
    risk 0.00cvss epss 0.03

    Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.

  • CVE-2013-6054Dec 12, 2013
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.

  • CVE-2013-6052Dec 12, 2013
    risk 0.00cvss epss 0.02

    OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

  • CVE-2013-6045Dec 12, 2013
    risk 0.00cvss epss 0.06

    Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2013-1447Dec 12, 2013
    risk 0.00cvss epss 0.03

    OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.

  • CVE-2012-3535Sep 5, 2012
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

  • CVE-2009-5030Jul 18, 2012
    risk 0.00cvss epss 0.04

    The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated…

  • CVE-2012-1499Apr 11, 2012
    risk 0.00cvss epss 0.05

    The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."

Page 2 of 2