openjpeg2

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An open source JPEG 2000 codec, version 2.4.0
Version 2.4.0-1 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1390 2.4.0-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-29338 AVG-1390 Low Yes Denial of service
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses...
CVE-2021-3575 AVG-1390 Medium Yes Arbitrary code execution
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to...
CVE-2019-6988 AVG-1390 Low Yes Denial of service
An issue has been discovered in OpenJPEG 2.4.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in...
CVE-2018-20846 AVG-1390 Low Yes Denial of service
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG...
CVE-2018-16376 AVG-1390 Medium Yes Arbitrary code execution
An issue was discovered in OpenJPEG 2.4.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1980 2.3.1-2 2.4.0-1 Medium Fixed FS#68906
AVG-1361 2.3.1-3 Medium Not affected
AVG-1339 2.3.1-2 2.4.0-1 Medium Fixed
AVG-54 2.1.2-2 2.2.0-1 High Fixed FS#54860
Issue Group Severity Remote Type Description
CVE-2020-27845 AVG-1339 Medium No Denial of service
An out-of-bounds read was discovered in lib/openjp2/pi.c:312 in OpenJPEG before version 2.4.0.
CVE-2020-27844 AVG-1361 Medium No Arbitrary code execution
A heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in the current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of OpenJPEG.
CVE-2020-27843 AVG-1339 Medium No Denial of service
An out-of-bounds read was found in opj_t2_encode_packet when small precincts and an origin shift are given in OpenJPEG before version 2.4.0.
CVE-2020-27842 AVG-1339 Medium No Denial of service
A null pointer dereference issue was found in lib/openjp2/tgt.c when a small precincts size, the option "-TP C" and non (0,0) grid offset are given in...
CVE-2020-27841 AVG-1339 Medium No Denial of service
An out-of-bounds read was discovered in lib/openjp2/pi.c:623 in OpenJPEG before version 2.4.0.
CVE-2020-27824 AVG-1339 Medium No Denial of service
In OpenJPEG before version 2.4.0, if too many decomposition levels are supplied to the encoder, it could cause a global buffer overflow to out-of-bounds...
CVE-2020-27823 AVG-1980 Medium No Arbitrary code execution
In openjpeg2 version 2.3.1 and prior, there is a heap buffer overflow in opj_tcd_dc_level_shift_encode() causing an out-of-bounds WRITE when crafted input...
CVE-2020-27814 AVG-1339 Medium No Arbitrary code execution
A heap-buffer overwrite error was discovered in lib/openjp2/mqc.c in OpenJPEG before version 2.4.0. The vulnerability causes an out-of- bounds write, which...
CVE-2020-15389 AVG-1339 Medium No Denial of service
jp2/opj_decompress.c in OpenJPEG before version 2.4.0 has a use-after- free that can be triggered if there is a mix of valid and invalid files in a...
CVE-2020-8112 AVG-1339 Medium No Arbitrary code execution
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG before version 2.4.0 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than...
CVE-2020-6851 AVG-1339 Medium No Arbitrary code execution
OpenJPEG before version 2.4.0 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of...
CVE-2019-12973 AVG-1339 Medium No Denial of service
In OpenJPEG before version 2.4.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this...
CVE-2016-9118 AVG-54 High Yes Arbitrary code execution
A heap buffer overflow (WRITE of size 4) has been discovered in the pnmtoimage function of convert.c:1719 in OpenJPEG 2.1.2. An attacker could create a...
CVE-2016-9117 AVG-54 Medium Yes Denial of service
A NULL pointer access has been discovered in the  imagetopnm function of convert.c(jp2):1289 in OpenJPEG 2.1.2. Opening a crafted j2k file leads to an...
CVE-2016-9116 AVG-54 Medium Yes Denial of service
A NULL pointer access has been discovered in the  imagetopnm function of convert.c:2226(jp2) in OpenJPEG 2.1.2. Opening a crafted j2k file leads to an...
CVE-2016-9115 AVG-54 Medium Yes Denial of service
A heap buffer over-read has been discovered in the imagetotga function of convert.c(jp2):942 in OpenJPEG 2.1.2. Opening a specially crafted j2k file is...
CVE-2016-9114 AVG-54 Medium Yes Denial of service
There is a NULL pointer access in the  imagetopnm function of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after...
CVE-2016-9113 AVG-54 Medium Yes Denial of service
There is a NULL pointer dereference in the imagetobmp function of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after...

Advisories

Date Advisory Group Severity Type
09 Dec 2020 ASA-202012-21 AVG-1339 Medium multiple issues