Uclouvain: >> Openjpeg >> 2.0 Security Vulnerabilities
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-02-03
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
CVSS Score
7.5
EPSS Score
0.02
Published
2016-10-03
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
CVSS Score
7.8
EPSS Score
0.003
Published
2016-09-21
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.027
Published
2016-09-21
The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
CVSS Score
6.5
EPSS Score
0.009
Published
2016-01-27
Page 4