Filtered by vendor Uclouvain
Subscribe
Total
82 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-5030 | 1 Uclouvain | 1 Openjpeg | 2026-04-29 | 6.8 MEDIUM | N/A |
| The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free." | |||||
| CVE-2013-6054 | 1 Uclouvain | 1 Openjpeg | 2026-04-29 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045. | |||||
| CVE-2012-3535 | 1 Uclouvain | 1 Openjpeg | 2026-04-29 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. | |||||
| CVE-2013-6052 | 1 Uclouvain | 1 Openjpeg | 2026-04-29 | 5.0 MEDIUM | N/A |
| OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | |||||
| CVE-2012-3358 | 1 Uclouvain | 1 Openjpeg | 2026-04-29 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file. | |||||
| CVE-2013-6045 | 1 Uclouvain | 1 Openjpeg | 2026-04-29 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-1499 | 1 Uclouvain | 1 Openjpeg | 2026-04-29 | 9.3 HIGH | N/A |
| The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write." | |||||
| CVE-2013-1447 | 1 Uclouvain | 1 Openjpeg | 2026-04-29 | 5.0 MEDIUM | N/A |
| OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors. | |||||
| CVE-2023-39329 | 2 Redhat, Uclouvain | 2 Enterprise Linux, Openjpeg | 2026-03-09 | N/A | 6.5 MEDIUM |
| A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service. | |||||
| CVE-2023-39327 | 2 Redhat, Uclouvain | 2 Enterprise Linux, Openjpeg | 2026-03-09 | N/A | 4.3 MEDIUM |
| A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. | |||||
| CVE-2025-50952 | 1 Uclouvain | 1 Openjpeg | 2025-12-29 | N/A | 6.5 MEDIUM |
| openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. | |||||
| CVE-2022-1122 | 3 Debian, Fedoraproject, Uclouvain | 3 Debian Linux, Fedora, Openjpeg | 2025-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. | |||||
| CVE-2021-3575 | 3 Fedoraproject, Redhat, Uclouvain | 3 Fedora, Enterprise Linux, Openjpeg | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. | |||||
| CVE-2021-29338 | 3 Debian, Fedoraproject, Uclouvain | 3 Debian Linux, Fedora, Openjpeg | 2025-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files. | |||||
| CVE-2025-54874 | 1 Uclouvain | 1 Openjpeg | 2025-09-26 | N/A | 9.8 CRITICAL |
| OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized. | |||||
| CVE-2023-39328 | 2 Redhat, Uclouvain | 2 Enterprise Linux, Openjpeg | 2025-08-18 | N/A | 5.5 MEDIUM |
| A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file. | |||||
| CVE-2016-10506 | 1 Uclouvain | 1 Openjpeg | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | |||||
| CVE-2015-1239 | 3 Debian, Google, Uclouvain | 4 Debian Linux, Chrome, Pdfium and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. | |||||
| CVE-2016-10505 | 1 Uclouvain | 1 Openjpeg | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | |||||
| CVE-2017-14152 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. | |||||