Search CVE reports
61 – 70 of 90 results
CVE-2016-9116
Low priorityNULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
3 affected packages
ghostscript, openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
openjpeg | Not in release | Not in release | Not in release | Not in release | Ignored |
openjpeg2 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-9115
Low priorityHeap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
3 affected packages
ghostscript, openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
openjpeg | Not in release | Not in release | Not in release | Not in release | Ignored |
openjpeg2 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-9114
Low priorityThere is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
3 affected packages
ghostscript, openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
openjpeg | Not in release | Not in release | Not in release | Not in release | Ignored |
openjpeg2 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-9113
Low priorityThere is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
3 affected packages
ghostscript, openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
openjpeg | Not in release | Not in release | Not in release | Not in release | Ignored |
openjpeg2 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-9112
Low prioritySome fixes available 2 of 6
Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
2 affected packages
openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openjpeg | Not in release | Not in release | Not in release | Not in release | Fixed |
openjpeg2 | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2016-8332
Medium priorityA buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library....
2 affected packages
openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openjpeg | — | — | — | — | Not affected |
openjpeg2 | — | — | — | — | Fixed |
CVE-2016-7445
Low prioritySome fixes available 2 of 6
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
2 affected packages
openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openjpeg | Not in release | Not in release | Not in release | Not in release | Fixed |
openjpeg2 | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2016-7163
Medium prioritySome fixes available 8 of 10
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
2 affected packages
openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openjpeg | — | — | — | Not in release | Not affected |
openjpeg2 | — | — | — | Fixed | Fixed |
CVE-2015-8871
Medium prioritySome fixes available 1 of 5
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
2 affected packages
openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openjpeg | — | — | — | Not in release | Not affected |
openjpeg2 | — | — | — | Not affected | Fixed |
CVE-2016-5159
Medium prioritySome fixes available 10 of 16
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow)...
4 affected packages
chromium-browser, openjpeg, openjpeg2, oxide-qt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | — | — | Fixed | Fixed |
openjpeg | — | — | — | Not in release | Not affected |
openjpeg2 | — | — | — | Not affected | Fixed |
oxide-qt | — | — | — | Not in release | Not affected |