UclouvainCVEs & Vulnerabilities

82 CVEs affecting Uclouvain products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

openjpeg 99
CVE-2016-10507MEDIUM

Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.

30 Aug 2017
6.5
CVSS
CVE-2016-10506MEDIUM

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

30 Aug 2017
6.5
CVSS
CVE-2016-10505MEDIUM

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

30 Aug 2017
6.5
CVSS
CVE-2016-10504MEDIUMpoc

Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.

30 Aug 2017
6.5
CVSS
CVE-2017-12982MEDIUM

The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.

21 Aug 2017
5.5
CVSS
CVE-2016-4797MEDIUM

Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.

3 Feb 2017
5.5
CVSS
CVE-2016-4796MEDIUM

Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

3 Feb 2017
5.5
CVSS
CVE-2016-3183MEDIUM

The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.

3 Feb 2017
5.5
CVSS
CVE-2016-9675HIGH

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

22 Dec 2016
7.8
CVSS
CVE-2016-9118MEDIUM

Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.

31 Oct 2016
5.3
CVSS
CVE-2016-9117MEDIUM

NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

31 Oct 2016
6.5
CVSS
CVE-2016-9116MEDIUM

NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

31 Oct 2016
6.5
CVSS
CVE-2016-9115MEDIUM

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

31 Oct 2016
6.5
CVSS
CVE-2016-9114HIGH

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

31 Oct 2016
7.5
CVSS
CVE-2016-9113HIGH

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

31 Oct 2016
7.5
CVSS
CVE-2016-9112HIGH

Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.

29 Oct 2016
7.5
CVSS
CVE-2016-8332HIGH

A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.

28 Oct 2016
7.5
CVSS
CVE-2016-7445HIGH

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

3 Oct 2016
7.5
CVSS
CVE-2016-7163HIGH

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

21 Sep 2016
7.8
CVSS
CVE-2015-8871CRITICAL

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

21 Sep 2016
9.8
CVSS
CVE-2016-1924MEDIUM

The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

27 Jan 2016
6.5
CVSS
CVE-2016-1923MEDIUM

Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

27 Jan 2016
6.5
CVSS
CVE-2013-6053MEDIUM

OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

28 Apr 2014
5.0
CVSS
CVE-2013-6887MEDIUM

OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.

27 Apr 2014
6.4
CVSS
CVE-2013-4290CRITICAL

Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.

18 Apr 2014
10.0
CVSS
CVE-2013-4289CRITICAL

Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.

18 Apr 2014
10.0
CVSS
CVE-2013-6054HIGH

Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.

12 Dec 2013
7.5
CVSS
CVE-2013-6052MEDIUM

OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

12 Dec 2013
5.0
CVSS
CVE-2013-6045HIGH

Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.

12 Dec 2013
7.5
CVSS
CVE-2013-1447MEDIUM

OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.

12 Dec 2013
5.0
CVSS
CVE-2012-3535MEDIUM

Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

6 Sep 2012
6.8
CVSS
CVE-2012-3358CRITICAL

Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.

19 Jul 2012
10.0
CVSS
CVE-2009-5030MEDIUM

The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free."

19 Jul 2012
6.8
CVSS
CVE-2012-1499CRITICAL

The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."

11 Apr 2012
9.3
CVSS
← PrevPage 2 / 2Next →
Uclouvain CVEs & Vulnerabilities — 82 Tracked — Page 2