NotCVE - vendor:"Uclouvain" product:"Openjpeg" version:"2.1.0"

Page 6 of 33 results (0.007 seconds)

CVSS: 5.5EPSS: 1%CPEs: 3EXPL: 0

CVE-2016-4797

https://notcve.org/view.php?id=CVE-2016-4797

Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. La vulnerabilidad divide por cero en la función opj_tcd_init_tile en tcd.c en OpenJPEG en versiones anteriores a 2.1.1 permite a los atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un archivo jp2 elaborado. NOTA: este problema existe debido a una corrección incorrecta de CVE-2014-7947. • http://www.openwall.com/lists/oss-security/2016/05/13/2 https://bugzilla.redhat.com/show_bug.cgi?id=1335483 https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c https://github.com/uclouvain/openjpeg/issues/733 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH https://lists.fedoraproject.org/archives/ • CWE-369: Divide By Zero •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-3182

https://notcve.org/view.php?id=CVE-2016-3182

The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. La función color_esycc_to_rgb en el archivo bin/common/color.c en OpenJPEG versiones anteriores a 2.1.1, permite a atacantes causar una denegación de servicio (corrupción de memoria) por medio de un archivo jpeg 2000 diseñado. • http://www.openwall.com/lists/oss-security/2016/03/16/16 http://www.openwall.com/lists/oss-security/2016/09/27/1 https://bugzilla.redhat.com/show_bug.cgi?id=1317826 https://github.com/uclouvain/openjpeg/issues/725 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-3183

https://notcve.org/view.php?id=CVE-2016-3183

The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. La función sycc422_t_rgb en common/color.c en OpenJPEG en versiones anteriores a 2.1.1 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo jpeg2000 manipulado. • http://www.openwall.com/lists/oss-security/2016/03/16/17 https://bugzilla.redhat.com/show_bug.cgi?id=1317821 https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767 https://github.com/uclouvain/openjpeg/issues/726 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH https://lists.fedoraproject.org/archives • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2016-7445

https://notcve.org/view.php?id=CVE-2016-7445

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. convert.c en OpenJPEG en versiones anteriores a 2.1.2 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de vectores que involucran a la variable s. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00109.html http://www.openwall.com/lists/oss-security/2016/09/18/4 http://www.openwall.com/lists/oss-security/2016/09/18/6 http://www.securityfocus.com/bid/93040 https://github.com/uclouvain/openjpeg/blob/openjpeg-2.1/CHANGELOG.md https://github.com/uclouvain/openjpeg/issues/843 https://security.gentoo.org/glsa/201612-26 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 1%CPEs: 22EXPL: 1

CVE-2016-7163 – openjpeg: Integer overflow in opj_pi_create_decode

https://notcve.org/view.php?id=CVE-2016-7163

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Desbordamiento de entero en la función opj_pi_create_decode en pi.c en OpenJPEG permite a atacantes remotos ejecutar código arbitrario a través de un archivo JP2 manipulado, lo que desencadena una lectura o escritura fuera de límites. An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An attacker could create a crafted JPEG2000 image that, when loaded by an application using openjpeg, could lead to a crash or, potentially, code execution. • http://rhn.redhat.com/errata/RHSA-2017-0559.html http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.debian.org/security/2016/dsa-3665 http://www.openwall.com/lists/oss-security/2016/09/08/3 http://www.openwall.com/lists/oss-security/2016/09/08/6 http://www.securityfocus.com/bid/92897 https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4 https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24 https://github.com/uclouvain&# • CWE-190: Integer Overflow or Wraparound •

1...4 5 6 7