CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2017-17480 – Debian Security Advisory 4405-1
https://notcve.org/view.php?id=CVE-2017-17480
08 Dec 2017 — In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. En OpenJPEG 2.3.0, se ha descubierto un desbordamiento de búfer basado en pila en la función pgxtovolume en jp3d/convert.c. Esta vulnerabilidad tiene como consecuencia una escritura fuera de límites, lo que podría dar lugar a una denegación de servicio remota o a una posibl... • https://github.com/uclouvain/openjpeg/issues/1044 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 2CVE-2016-9572 – Gentoo Linux Security Advisory 201710-26
https://notcve.org/view.php?id=CVE-2016-9572
23 Oct 2017 — A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. Se ha detectado un error de desreferencia de puntero NULL en la forma en la que openjpeg 2.1.2 descifraba ciertas imágenes de entrada. Debido a un error de lógica en el código responsable de descifrar la imagen de entrada, una aplicación que ... • http://www.securityfocus.com/bid/109233 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-9580 – Gentoo Linux Security Advisory 201710-26
https://notcve.org/view.php?id=CVE-2016-9580
23 Oct 2017 — An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. Se ha encontrado una vulnerabilidad de desbordamiento de enteros en la función tiftoimage en openjpeg 2.1.2, lo que resulta en un desbordamiento de búfer basado en memoria dinámica (heap). Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.3.0:2 are affected. • http://www.securityfocus.com/bid/94822 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-9581 – Gentoo Linux Security Advisory 201710-26
https://notcve.org/view.php?id=CVE-2016-9581
23 Oct 2017 — An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. Se ha detectado una vulnerabilidad de bucle infinito en tiftoimage que resulta en un desbordamiento de búfer basado en memoria dinámica (heap) en convert_32s_C1P1 en openjpeg 2.1.2. Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.3.0:2 are affected. • http://www.securityfocus.com/bid/94822 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2015-1239
https://notcve.org/view.php?id=CVE-2015-1239
18 Oct 2017 — Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. Vulnerabilidad de doble liberación (double free) en la función j2k_read_ppm_v3 en OpenJPEG en versiones anteriores a la r2997, tal y como se emplea en PDFium en Google Chrome, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del proceso) mediante un PDF manipulado. • https://bugs.chromium.org/p/chromium/issues/detail?id=430891 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14164 – Gentoo Linux Security Advisory 201710-26
https://notcve.org/view.php?id=CVE-2017-14164
06 Sep 2017 — A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152. Existe un error de validación de tamaño en opj_j2k_write_sot en lib/openjp2/j2k.c en OpenJPEG 2.2.0. La vulnerabilidad da lug... • http://www.securityfocus.com/bid/100677 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14151
https://notcve.org/view.php?id=CVE-2017-14151
05 Sep 2017 — An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution. Se ha descubierto un error por un paso (off-by-one) en opj_tcd_code_block_enc_allocate_data en lib/openjp2/tcd.c en OpenJPEG 2.2.0. La vulnerabilidad da ... • http://www.debian.org/security/2017/dsa-4013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14152
https://notcve.org/view.php?id=CVE-2017-14152
05 Sep 2017 — A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. Se ha descubierto un caso de un valor cero que no se maneja correctamente en opj_j2k_set_cinema_parameters en lib/openjp2/j2k.c en OpenJPEG 2.2.0. La vu... • http://www.debian.org/security/2017/dsa-4013 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14039 – Gentoo Linux Security Advisory 201710-26
https://notcve.org/view.php?id=CVE-2017-14039
30 Aug 2017 — A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. Se descubrió una vulnerabilidad de desbordamiento de búfer basado en montículos en la función opj_t2_encode_packet en lib/openjp2/t2.c en OpenJPEG 2.2.0. La vulnerabilidad provoca una escritura fuera de límites, lo que puede provocar una denegación de servicio o... • http://www.debian.org/security/2017/dsa-4013 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14040
https://notcve.org/view.php?id=CVE-2017-14040
30 Aug 2017 — An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. Se descubrió un acceso de escritura no válido en bin/jp2/convert.c en OpenJPEG 2.2.0 desencadenando un fallo en la función tgatoimage. La vulnerabilidad puede provocar una denegación de servicio o posiblemente otro impacto no especificado. • http://www.debian.org/security/2017/dsa-4013 • CWE-787: Out-of-bounds Write •