Search CVE reports
21 – 30 of 90 results
CVE-2018-21010
Medium prioritySome fixes available 2 of 58
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
8 affected packages
blender, gdcm, ghostscript, insighttoolkit4, openjpeg...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | Not in release | Ignored |
openjpeg2 | Not affected | Not affected | Not affected | Fixed | Fixed |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-12973
Low prioritySome fixes available 12 of 85
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to...
9 affected packages
blender, emscripten, gdcm, ghostscript, insighttoolkit4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
emscripten | Ignored | Ignored | Not in release | Ignored | Ignored |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | Not in release | Not affected |
openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2018-20847
Medium prioritySome fixes available 1 of 72
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
8 affected packages
blender, emscripten, gdcm, insighttoolkit4, openjpeg...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
emscripten | Ignored | Ignored | Not in release | Ignored | Ignored |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | Not in release | Not affected |
openjpeg2 | Not affected | Not affected | Not affected | Not affected | Fixed |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2018-20846
Medium priorityOut-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service...
8 affected packages
blender, emscripten, gdcm, insighttoolkit4, openjpeg...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
emscripten | Ignored | Ignored | Not in release | Ignored | Ignored |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | Not in release | Not affected |
openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2018-20845
Medium prioritySome fixes available 1 of 80
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
8 affected packages
blender, emscripten, gdcm, insighttoolkit4, openjpeg...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
emscripten | Ignored | Ignored | Not in release | Ignored | Ignored |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | Not in release | Not affected |
openjpeg2 | Not affected | Not affected | Not affected | Fixed | Not affected |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-7663
Medium prioritySome fixes available 4 of 52
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this...
9 affected packages
chromium, gdal, openjpeg2, qt4-x11, qtimageformats-opensource-src...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium | Not in release | Not in release | Not in release | Not in release | Not in release |
gdal | Not affected | Not affected | Not affected | Not affected | Vulnerable |
openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
qt4-x11 | Not in release | Not in release | Not in release | Not affected | Not affected |
qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tiff | Not affected | Not affected | Not affected | Fixed | Fixed |
tiff3 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2019-6988
Low priorityAn issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c,...
3 affected packages
ghostscript, openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
openjpeg | Not in release | Not in release | Not in release | Not in release | Not affected |
openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2018-18088
Medium prioritySome fixes available 3 of 5
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c
2 affected packages
openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openjpeg | Not in release | — | Not in release | Not in release | Fixed |
openjpeg2 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2018-16376
Low priorityAn issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of...
2 affected packages
openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openjpeg | — | — | Not in release | Not in release | Ignored |
openjpeg2 | — | — | Not affected | Not affected | Not affected |
CVE-2018-16375
Medium prioritySome fixes available 1 of 4
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
2 affected packages
openjpeg, openjpeg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openjpeg | — | — | Not in release | Not in release | Not affected |
openjpeg2 | — | — | Not affected | Fixed | Not affected |