Openjpeg Openjpeg Openjpeg


By the Year

In 2020 there have been 2 vulnerabilities in Openjpeg Openjpeg with an average score of 8.2 out of ten. Last year Openjpeg had 4 security vulnerabilities published. Right now, Openjpeg is on track to have fewer security vulnerabilities in 2020 than it did last year. However, the average CVE base score of the vulnerabilities in 2020 is greater by 1.33.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2020 | 2               | 8.15          |
| 2019 | 4               | 6.83          |
| 2018 | 6               | 7.43          |

It may take a day or so for new Openjpeg vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Openjpeg Openjpeg Security Vulnerabilities

opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case

CVE-2020-8112 8.8 - High - January 28, 2020

opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.

Out-of-bounds Write

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c

CVE-2020-6851 7.5 - High - January 13, 2020

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

Out-of-bounds Write

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0

CVE-2018-20845 6.5 - Medium - June 26, 2019

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

Divide By Zero

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0

CVE-2018-20846 6.5 - Medium - June 26, 2019

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

Improper Input Validation

An improper computation of p_tx0

CVE-2018-20847 8.8 - High - June 26, 2019

An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.

Integer Overflow or Wraparound

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c

CVE-2019-12973 5.5 - Medium - June 26, 2019

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

Uncontrolled Resource Consumption ('Resource Exhaustion')

An issue was discovered in OpenJPEG 2.3.0

CVE-2018-16375 8.8 - High - September 03, 2018

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

Memory Corruption

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0

CVE-2018-14423 7.5 - High - July 19, 2018

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

Divide By Zero

An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0

CVE-2018-7648 9.8 - Critical - March 02, 2018

An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.

Memory Corruption

In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c

CVE-2018-6616 5.5 - Medium - February 04, 2018

In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

Uncontrolled Resource Consumption ('Resource Exhaustion')

In OpenJPEG 2.3.0

CVE-2018-5785 6.5 - Medium - January 19, 2018

In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

Integer Overflow or Wraparound

In OpenJPEG 2.3.0

CVE-2018-5727 6.5 - Medium - January 16, 2018

In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

Integer Overflow or Wraparound