Université Catholique de Louvain OpenJPEG 2.4.0

CPE Details

Université Catholique de Louvain OpenJPEG 2.4.0
uclouvain
openjpeg
2.4.0
2021-01-07
15h41 +00:00
2021-01-07
15h41 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:uclouvain:openjpeg:2.4.0:*:*:*:*:*:*:*

Informations

Vendor

uclouvain

Product

openjpeg

Version

2.4.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-1122 2022-03-29 15h25 +00:00 A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
5.5
Medium
CVE-2021-3575 2022-03-04 16h20 +00:00 A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.
7.8
High
CVE-2021-29338 2021-04-14 11h52 +00:00 Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
5.5
Medium