Every CVE whose affected-product data names Uclouvain Openjpeg, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (82)
CVE-2013-4290 — CVSS 10.0 (critical): Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1)…
CVE-2012-3358 — CVSS 10.0 (critical): Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of…
CVE-2013-4289 — CVSS 10.0 (critical): Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors…
CVE-2018-7648 — CVSS 9.8 (critical): An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a…
CVE-2015-8871 — CVSS 9.8 (critical): Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have…
CVE-2025-54874 — CVSS 9.8 (critical): OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory…
CVE-2017-17479 — CVSS 9.8 (critical): In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an…
CVE-2017-17480 — CVSS 9.8 (critical): In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an…
CVE-2012-1499 — CVSS 9.3 (critical): The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP…
CVE-2017-14040 — CVSS 8.8 (high): An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The…
CVE-2020-8112 — CVSS 8.8 (high): opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a…
CVE-2014-0158 — CVSS 8.8 (high): Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service…
CVE-2018-21010 — CVSS 8.8 (high): OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
CVE-2018-20847 — CVSS 8.8 (high): An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through…
CVE-2018-16376 — CVSS 8.8 (high): An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in…
CVE-2018-16375 — CVSS 8.8 (high): An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in…
CVE-2017-14164 — CVSS 8.8 (high): A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an…
CVE-2017-14152 — CVSS 8.8 (high): A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an…
CVE-2017-14151 — CVSS 8.8 (high): An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes…
CVE-2017-14041 — CVSS 8.8 (high): A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an…
CVE-2017-14039 — CVSS 8.8 (high): A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability…
CVE-2020-27823 — CVSS 7.8 (high): A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during…
CVE-2020-27814 — CVSS 7.8 (high): A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an…
CVE-2021-3575 — CVSS 7.8 (high): A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker…
CVE-2016-7163 — CVSS 7.8 (high): Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted…
CVE-2020-27844 — CVSS 7.8 (high): A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to…
CVE-2016-9675 — CVSS 7.8 (high): openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to…
CVE-2016-8332 — CVSS 7.5 (high): A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution…
CVE-2016-9112 — CVSS 7.5 (high): Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
CVE-2016-9114 — CVSS 7.5 (high): There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a…
CVE-2016-9113 — CVSS 7.5 (high): There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a…
CVE-2018-14423 — CVSS 7.5 (high): Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through…
CVE-2013-6045 — CVSS 7.5 (high): Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified…
CVE-2020-6851 — CVSS 7.5 (high): OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of…
CVE-2016-7445 — CVSS 7.5 (high): convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)…
CVE-2013-6054 — CVSS 7.5 (high): Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.
CVE-2009-5030 — CVSS 6.8 (medium): The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption)…
CVE-2012-3535 — CVSS 6.8 (medium): Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and…
CVE-2016-10506 — CVSS 6.5 (medium): Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0…
CVE-2016-9116 — CVSS 6.5 (medium): NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a…
CVE-2019-6988 — CVSS 6.5 (medium): An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation)…
CVE-2020-15389 — CVSS 6.5 (medium): jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a…
CVE-2016-10505 — CVSS 6.5 (medium): NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb…
CVE-2016-10504 — CVSS 6.5 (medium): Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause…
CVE-2016-9115 — CVSS 6.5 (medium): Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a…
CVE-2025-50952 — CVSS 6.5 (medium): openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.
CVE-2016-9573 — CVSS 6.5 (medium): An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to…
CVE-2018-5785 — CVSS 6.5 (medium): In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function…
CVE-2016-9117 — CVSS 6.5 (medium): NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a…
CVE-2015-1239 — CVSS 6.5 (medium): Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote…
CVE-2023-39329 — CVSS 6.5 (medium): A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file…
CVE-2016-1924 — CVSS 6.5 (medium): The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application…
CVE-2018-20845 — CVSS 6.5 (medium): Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0…
CVE-2018-20846 — CVSS 6.5 (medium): Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in…
CVE-2016-1923 — CVSS 6.5 (medium): Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of…
CVE-2016-10507 — CVSS 6.5 (medium): Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a…
CVE-2018-5727 — CVSS 6.5 (medium): In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could…
CVE-2013-6887 — CVSS 6.4 (medium): OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences…
CVE-2016-9572 — CVSS 5.9 (medium): A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code…
CVE-2020-27845 — CVSS 5.5 (medium): There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to…
CVE-2017-12982 — CVSS 5.5 (medium): The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows…
CVE-2016-4797 — CVSS 5.5 (medium): Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial…
CVE-2016-4796 — CVSS 5.5 (medium): Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of…
CVE-2016-3183 — CVSS 5.5 (medium): The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds…
CVE-2016-3182 — CVSS 5.5 (medium): The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory…
CVE-2018-6616 — CVSS 5.5 (medium): In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this…
CVE-2019-12973 — CVSS 5.5 (medium): In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this…
CVE-2020-27824 — CVSS 5.5 (medium): A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply…
CVE-2020-27841 — CVSS 5.5 (medium): There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be…
CVE-2020-27842 — CVSS 5.5 (medium): There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by…
CVE-2020-27843 — CVSS 5.5 (medium): A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion…
CVE-2021-29338 — CVSS 5.5 (medium): Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when…
CVE-2022-1122 — CVSS 5.5 (medium): A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files…
CVE-2023-39328 — CVSS 5.5 (medium): A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an…
CVE-2016-9118 — CVSS 5.3 (medium): Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.
CVE-2013-1447 — CVSS 5.0 (medium): OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related…
CVE-2013-6052 — CVSS 5.0 (medium): OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based…
CVE-2013-6053 — CVSS 5.0 (medium): OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
CVE-2023-39327 — CVSS 4.3 (medium): A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning…
CVE-2016-9581 — CVSS 3.3 (low): An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.
CVE-2016-9580 — CVSS 3.3 (low): An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.