AVG-1390 log
| Package | openjpeg2 |
| Status | Vulnerable |
| Severity | Medium |
| Type | multiple issues |
| Affected | 2.4.0-1 |
| Fixed | Unknown |
| Current | 2.5.0-2 [extra] |
| Ticket | Create |
| Created | Tue Dec 29 11:13:58 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-29338 | Low | Yes | Denial of service | Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses... |
| CVE-2021-3575 | Medium | Yes | Arbitrary code execution | A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to... |
| CVE-2019-6988 | Low | Yes | Denial of service | An issue has been discovered in OpenJPEG 2.4.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in... |
| CVE-2018-20846 | Low | Yes | Denial of service | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG... |
| CVE-2018-16376 | Medium | Yes | Arbitrary code execution | An issue was discovered in OpenJPEG 2.4.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The... |