CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 1CVE-2018-18088 – Debian Security Advisory 4405-1
https://notcve.org/view.php?id=CVE-2018-18088
09 Oct 2018 — OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c OpenJPEG 2.3.0 tiene una desreferencia de puntero NULL en "red" en la función imagetopnm de jp2/convert.c It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of... • https://github.com/uclouvain/openjpeg/issues/1152 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16375
https://notcve.org/view.php?id=CVE-2018-16375
03 Sep 2018 — An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. Se ha descubierto un problema en OpenJPEG 2.3.0. La falta de comprobaciones para header_info.height y header_info.width en la función pnmtoimage en bin/jpwl/convert.c puede conducir a un desbordamiento de búfer basado en memoria dinámica (heap). • http://www.securityfocus.com/bid/105266 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 0CVE-2018-16376
https://notcve.org/view.php?id=CVE-2018-16376
03 Sep 2018 — An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. Se ha descubierto un problema en OpenJPEG 2.3.0. Se ha descubierto un desbordamiento de búfer basado en memoria dinámica (heap) en la función t2_encode_packet en lib/openmj2/t2.c. • http://www.securityfocus.com/bid/105262 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-14423 – Debian Security Advisory 4405-1
https://notcve.org/view.php?id=CVE-2018-14423
19 Jul 2018 — Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). Vulnerabilidades de división entre cero en las funciones pi_next_pcrl, pi_next_cprl y pi_next_rpcl en lib/openjp3d/pi.c en OpenJPEG hasta la versión 2.3.0 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación). It was discovered that OpenJPEG incor... • https://github.com/uclouvain/openjpeg/issues/1123 • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0158
https://notcve.org/view.php?id=CVE-2014-0158
10 Apr 2018 — Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null ... • https://bugzilla.redhat.com/show_bug.cgi?id=1082925 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7648
https://notcve.org/view.php?id=CVE-2018-7648
02 Mar 2018 — An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. Se ha descubierto un problema en mj2/opj_mj2_extract.c en OpenJPEG 2.3.0. No se comprobó la longitud del prefijo de salida, que podría desbordar un búfer al proporcionar un prefijo con 50 o más caracteres en la línea de comandos. • https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6616 – Debian Security Advisory 4405-1
https://notcve.org/view.php?id=CVE-2018-6616
04 Feb 2018 — In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. En OpenJPEG 2.3.0, hay una iteración excesiva en la función opj_t1_encode_cblks de openjp2/t1.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo bmp manipulado. It was discovered that OpenJPEG incorrectly handled certain PGX fil... • https://github.com/uclouvain/openjpeg/issues/1059 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-5785 – openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c
https://notcve.org/view.php?id=CVE-2018-5785
19 Jan 2018 — In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. En OpenJPEG 2.3.0, hay un desbordamiento de enteros provocado por un desplazamiento a la izquierda fuera de límites en la función opj_j2k_setup_encoder (openjp2/j2k.c). Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servic... • https://github.com/uclouvain/openjpeg/issues/1057 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5727 – openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c
https://notcve.org/view.php?id=CVE-2018-5727
16 Jan 2018 — In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. En OpenJPEG 2.3.0, hay una vulnerabilidad de desbordamiento de enteros en la función opj_t1_encode_cblks (openjp2/t1.c). Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo bmp manipulado. It was discovered that Ghostsc... • https://github.com/uclouvain/openjpeg/issues/1053 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2017-17479
https://notcve.org/view.php?id=CVE-2017-17479
08 Dec 2017 — In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. En OpenJPEG 2.3.0, se ha descubierto un desbordamiento de búfer basado en pila en la función pgxtoimage en jpwl/convert.c. Esta vulnerabilidad tiene como consecuencia una escritura fuera de límites, lo que podría dar lugar a una denegación de servicio remota o a una posible ... • https://github.com/uclouvain/openjpeg/issues/1044 • CWE-787: Out-of-bounds Write •