Université Catholique de Louvain OpenJPEG 2.4.0

CPE Details

Université Catholique de Louvain OpenJPEG 2.4.0
uclouvain
openjpeg
2.4.0
2021-01-07
15h41 +00:00
2021-01-07
15h41 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:uclouvain:openjpeg:2.4.0:*:*:*:*:*:*:*

Informations

Vendor

uclouvain

Product

openjpeg

Version

2.4.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-1122 2022-03-29 15h25 +00:00 A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
5.5
Medium
CVE-2021-3575 2022-03-04 16h20 +00:00 A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.
7.8
High
CVE-2021-29338 2021-04-14 11h52 +00:00 Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.