Filtered by vendor Uclouvain
Subscriptions
Total
83 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6192 | 1 Uclouvain | 1 Openjpeg | 2026-04-14 | 3.3 Low |
| A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue. | ||||
| CVE-2023-39329 | 2 Redhat, Uclouvain | 3 Ai Inference Server, Enterprise Linux, Openjpeg | 2026-03-09 | 6.5 Medium |
| A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service. | ||||
| CVE-2023-39327 | 2 Redhat, Uclouvain | 3 Ai Inference Server, Enterprise Linux, Openjpeg | 2026-03-09 | 4.3 Medium |
| A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. | ||||
| CVE-2025-54874 | 1 Uclouvain | 1 Openjpeg | 2026-02-26 | 9.8 Critical |
| OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized. | ||||
| CVE-2025-50952 | 2 Openjpeg, Uclouvain | 2 Openjpeg, Openjpeg | 2025-12-29 | 6.5 Medium |
| openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. | ||||
| CVE-2023-39328 | 2 Redhat, Uclouvain | 2 Enterprise Linux, Openjpeg | 2025-11-20 | 5.5 Medium |
| A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file. | ||||
| CVE-2022-1122 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2025-11-03 | 5.5 Medium |
| A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. | ||||
| CVE-2021-3575 | 3 Fedoraproject, Redhat, Uclouvain | 3 Fedora, Enterprise Linux, Openjpeg | 2025-11-03 | 7.8 High |
| A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. | ||||
| CVE-2021-29338 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2025-11-03 | 5.5 Medium |
| Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files. | ||||
| CVE-2017-14039 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2025-04-20 | 8.8 High |
| A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. | ||||
| CVE-2016-10504 | 1 Uclouvain | 1 Openjpeg | 2025-04-20 | N/A |
| Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. | ||||
| CVE-2017-14041 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2025-04-20 | 8.8 High |
| A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | ||||
| CVE-2016-10506 | 1 Uclouvain | 1 Openjpeg | 2025-04-20 | N/A |
| Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | ||||
| CVE-2017-17479 | 1 Uclouvain | 1 Openjpeg | 2025-04-20 | N/A |
| In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | ||||
| CVE-2017-14152 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2025-04-20 | 8.8 High |
| A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. | ||||
| CVE-2016-10507 | 1 Uclouvain | 1 Openjpeg | 2025-04-20 | N/A |
| Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. | ||||
| CVE-2016-4796 | 2 Fedoraproject, Uclouvain | 2 Fedora, Openjpeg | 2025-04-20 | N/A |
| Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. | ||||
| CVE-2016-10505 | 1 Uclouvain | 1 Openjpeg | 2025-04-20 | N/A |
| NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | ||||
| CVE-2017-12982 | 1 Uclouvain | 1 Openjpeg | 2025-04-20 | 5.5 Medium |
| The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. | ||||
| CVE-2017-14164 | 1 Uclouvain | 1 Openjpeg | 2025-04-20 | 8.8 High |
| A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152. | ||||