CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1122 – openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
https://notcve.org/view.php?id=CVE-2022-1122
29 Mar 2022 — A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. Se ha encontrado un fallo en el programa opj2_decompress de openjpeg2 versión 2.4.0, en la forma en que maneja un directorio de entrada con un gran número de archivos. Cuando no asigna un bú... • https://github.com/uclouvain/openjpeg/issues/1368 • CWE-665: Improper Initialization CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3575 – openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-3575
10 Nov 2021 — A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. Se encontró un desbordamiento de búfer en la región heap de la memoria en openjpeg en color.c:379:42 en sycc420_to_rgb cuando es descomprimido un archivo .j2k diseñado. Un atacante podría usar esto para ejecutar código arbitrario con los permisos de la aplicación c... • https://bugzilla.redhat.com/show_bug.cgi?id=1957616 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27823 – openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode()
https://notcve.org/view.php?id=CVE-2020-27823
28 Apr 2021 — A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en el codificador de OpenJPEG. Este fallo permite a un atacante pasar una entrada de desplazamiento x,y especialmente diseñada a OpenJPEG para usarla durante la codificación. • https://bugzilla.redhat.com/show_bug.cgi?id=1905762 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27824 – openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes()
https://notcve.org/view.php?id=CVE-2020-27824
28 Apr 2021 — A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. Se encontró un fallo en el codificador de OpenJPEG en la función opj_dwt_calc_explicit_stepsizes(). Este fallo permite a un atacante que puede suministrar una entrada diseñada a niveles de descomposición para causar un desbordamiento del... • https://github.com/pazhanivel07/openjpeg-2.3.0_CVE-2020-27824 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29338 – openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c
https://notcve.org/view.php?id=CVE-2021-29338
14 Apr 2021 — Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files. Integer Overflow en OpenJPEG versión v2.4.0 permite a atacantes remotos bloquear la aplicación, causando una denegación de servicio (DoS). Esto ocurre cuando el atacante usa la opción de línea de comando "-ImgDir" en un directorio que contiene 1048576 archivos There is a f... • https://github.com/uclouvain/openjpeg/issues/1338 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2020-27814 – openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS
https://notcve.org/view.php?id=CVE-2020-27814
25 Jan 2021 — A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. Se encontró un desbordamiento del búfer en la manera en que openjpeg2 manejaba determinados archivos en formato PNG. Un atacante podría usar este fallo para causar el bloqueo de una aplicación o, en algunos casos, ejecutar código arbitrario con el permiso ... • https://bugzilla.redhat.com/show_bug.cgi?id=1901998 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27845 – openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c
https://notcve.org/view.php?id=CVE-2020-27845
05 Jan 2021 — There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. Se presenta un fallo en el archivo src/lib/openjp2/pi.c de openjpeg en versiones anteriores a 2.4.0. Si un atacante puede proporcionar una entrada que no sea confiable para la funcionalidad conversion/encoding de openjpeg, po... • https://bugzilla.redhat.com/show_bug.cgi?id=1907523 • CWE-125: Out-of-bounds Read •
CVSS: 8.3EPSS: 1%CPEs: 3EXPL: 0CVE-2020-27844 – Gentoo Linux Security Advisory 202101-29
https://notcve.org/view.php?id=CVE-2020-27844
05 Jan 2021 — A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en el archivo src/lib/openjp2/t2.c de openjpeg en versiones anteriores a 2.4.0. Este fallo permite a un atacante proporcionar una entrada diseñada para openjpeg durant... • https://bugzilla.redhat.com/show_bug.cgi?id=1907521 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-27843 – openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c
https://notcve.org/view.php?id=CVE-2020-27843
05 Jan 2021 — A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. Se encontró un fallo en OpenJPEG en versiones anteriores a 2.4.0. Este fallo permite a un atacante proporcionar una entrada especialmente diseñada para la funcionalidad conversion o encoding, causando una lectura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1907516 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-27842 – openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c
https://notcve.org/view.php?id=CVE-2020-27842
05 Jan 2021 — There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. Se presenta un fallo en el codificador t2 de openjpeg en versiones anteriores a 2.4.0. Un atacante que sea capaz de proporcionar una entrada diseñada para ser procesada por openjpeg podría causar una desreferencia del puntero null. • https://bugzilla.redhat.com/show_bug.cgi?id=1907513 • CWE-125: Out-of-bounds Read •