CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0158
https://notcve.org/view.php?id=CVE-2014-0158
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS." **RECHAZADA** NO USAR ESTE NÚMERO DE CANDIDATO. ConsultIDs: CVE-2014-2294. Motivo: Este candidato es una réplica de CVE-2014-2294. • https://bugzilla.redhat.com/show_bug.cgi?id=1082925 https://bugzilla.suse.com/show_bug.cgi?id=871412 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7648
https://notcve.org/view.php?id=CVE-2018-7648
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. Se ha descubierto un problema en mj2/opj_mj2_extract.c en OpenJPEG 2.3.0. No se comprobó la longitud del prefijo de salida, que podría desbordar un búfer al proporcionar un prefijo con 50 o más caracteres en la línea de comandos. • https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d https://github.com/uclouvain/openjpeg/issues/1088 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6616
https://notcve.org/view.php?id=CVE-2018-6616
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. En OpenJPEG 2.3.0, hay una iteración excesiva en la función opj_t1_encode_cblks de openjp2/t1.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo bmp manipulado. • https://github.com/uclouvain/openjpeg/issues/1059 https://lists.debian.org/debian-lts-announce/2018/12/msg00013.html https://usn.ubuntu.com/4109-1 https://www.debian.org/security/2019/dsa-4405 https://www.oracle.com/security-alerts/cpujul2020.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-5785 – openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c
https://notcve.org/view.php?id=CVE-2018-5785
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. En OpenJPEG 2.3.0, hay un desbordamiento de enteros provocado por un desplazamiento a la izquierda fuera de límites en la función opj_j2k_setup_encoder (openjp2/j2k.c). Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo bmp manipulado. • https://github.com/uclouvain/openjpeg/issues/1057 https://usn.ubuntu.com/4109-1 https://www.debian.org/security/2019/dsa-4405 https://access.redhat.com/security/cve/CVE-2018-5785 https://bugzilla.redhat.com/show_bug.cgi?id=1537758 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5727 – openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c
https://notcve.org/view.php?id=CVE-2018-5727
In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. En OpenJPEG 2.3.0, hay una vulnerabilidad de desbordamiento de enteros en la función opj_t1_encode_cblks (openjp2/t1.c). Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo bmp manipulado. • https://github.com/uclouvain/openjpeg/issues/1053 https://access.redhat.com/security/cve/CVE-2018-5727 https://bugzilla.redhat.com/show_bug.cgi?id=1536552 • CWE-190: Integer Overflow or Wraparound •