CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-14423
https://notcve.org/view.php?id=CVE-2018-14423
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). Vulnerabilidades de división entre cero en las funciones pi_next_pcrl, pi_next_cprl y pi_next_rpcl en lib/openjp3d/pi.c en OpenJPEG hasta la versión 2.3.0 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación). • https://github.com/uclouvain/openjpeg/issues/1123 https://lists.debian.org/debian-lts-announce/2018/12/msg00013.html https://usn.ubuntu.com/4109-1 https://www.debian.org/security/2019/dsa-4405 • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0158
https://notcve.org/view.php?id=CVE-2014-0158
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS." **RECHAZADA** NO USAR ESTE NÚMERO DE CANDIDATO. ConsultIDs: CVE-2014-2294. Motivo: Este candidato es una réplica de CVE-2014-2294. • https://bugzilla.redhat.com/show_bug.cgi?id=1082925 https://bugzilla.suse.com/show_bug.cgi?id=871412 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2016-9572
https://notcve.org/view.php?id=CVE-2016-9572
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. Se ha detectado un error de desreferencia de puntero NULL en la forma en la que openjpeg 2.1.2 descifraba ciertas imágenes de entrada. Debido a un error de lógica en el código responsable de descifrar la imagen de entrada, una aplicación que emplee openjpeg para procesar datos de imágenes podría cerrarse inesperadamente al procesar una imagen manipulada. • http://www.securityfocus.com/bid/109233 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572 https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d https://github.com/uclouvain/openjpeg/issues/863 https://security.gentoo.org/glsa/201710-26 https://www.debian.org/security/2017/dsa-3768 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-9580
https://notcve.org/view.php?id=CVE-2016-9580
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. Se ha encontrado una vulnerabilidad de desbordamiento de enteros en la función tiftoimage en openjpeg 2.1.2, lo que resulta en un desbordamiento de búfer basado en memoria dinámica (heap). • http://www.securityfocus.com/bid/94822 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580 https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255 https://github.com/uclouvain/openjpeg/issues/871 https://security.gentoo.org/glsa/201710-26 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-9581
https://notcve.org/view.php?id=CVE-2016-9581
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. Se ha detectado una vulnerabilidad de bucle infinito en tiftoimage que resulta en un desbordamiento de búfer basado en memoria dinámica (heap) en convert_32s_C1P1 en openjpeg 2.1.2. • http://www.securityfocus.com/bid/94822 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581 https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255 https://github.com/uclouvain/openjpeg/issues/872 https://security.gentoo.org/glsa/201710-26 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •