VulnerableCode Package Details - pkg:alpm/archlinux/openjpeg2@2.4.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-898n-muvn-cyec Aliases: CVE-2018-20846	Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).	2.5.0-1 Affected by 0 other vulnerabilities.
VCID-bfn9-bjca-s7ev Aliases: CVE-2021-29338	Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.	2.5.0-1 Affected by 0 other vulnerabilities.
VCID-ndnf-pt9s-gydr Aliases: CVE-2019-6988	An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.	2.5.0-1 Affected by 0 other vulnerabilities.
VCID-uqsw-phs9-9fh7 Aliases: CVE-2018-16376	openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c	2.5.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-898n-muvn-cyec
Aliases:
CVE-2018-20846

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

2.5.0-1
Affected by 0 other vulnerabilities.

VCID-bfn9-bjca-s7ev
Aliases:
CVE-2021-29338

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

2.5.0-1
Affected by 0 other vulnerabilities.

VCID-ndnf-pt9s-gydr
Aliases:
CVE-2019-6988

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

2.5.0-1
Affected by 0 other vulnerabilities.

VCID-uqsw-phs9-9fh7
Aliases:
CVE-2018-16376

openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c

2.5.0-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4x37-bmwz-hbf8	There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.	CVE-2020-27845
VCID-5fh6-cp41-rubu	A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.	CVE-2020-27824
VCID-6rtq-2r74-p3g9	There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.	CVE-2020-27842
VCID-arkd-yxxn-jkcj	jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.	CVE-2020-15389
VCID-cbe5-31jj-8yes	There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.	CVE-2020-27841
VCID-cuqe-zr8z-cfc2	A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.	CVE-2020-27814
VCID-ggn3-ahvq-tqhg	OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.	CVE-2020-6851
VCID-gx9w-2b5k-ayb3	opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.	CVE-2020-8112
VCID-gzhs-y7tm-4fez	A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.	CVE-2020-27823
VCID-pxn7-8b33-2ydf	A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.	CVE-2020-27843
VCID-qs96-2s7h-r7fy	In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.	CVE-2019-12973

Vulnerability

Summary

Aliases

VCID-4x37-bmwz-hbf8

There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.

CVE-2020-27845

VCID-5fh6-cp41-rubu

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

CVE-2020-27824

VCID-6rtq-2r74-p3g9

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.

CVE-2020-27842

VCID-arkd-yxxn-jkcj

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.

CVE-2020-15389

VCID-cbe5-31jj-8yes

There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.

CVE-2020-27841

VCID-cuqe-zr8z-cfc2

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

CVE-2020-27814

VCID-ggn3-ahvq-tqhg

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

CVE-2020-6851

VCID-gx9w-2b5k-ayb3

opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.

CVE-2020-8112

VCID-gzhs-y7tm-4fez

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2020-27823

VCID-pxn7-8b33-2ydf

A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.

CVE-2020-27843

VCID-qs96-2s7h-r7fy

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

CVE-2019-12973

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-31T11:37:53.865568+00:00	Arch Linux Importer	Fixing	VCID-gzhs-y7tm-4fez	https://security.archlinux.org/AVG-1980	37.0.0
2025-07-31T11:37:53.838351+00:00	Arch Linux Importer	Fixing	VCID-qs96-2s7h-r7fy	https://security.archlinux.org/AVG-1339	37.0.0
2025-07-31T11:37:53.809793+00:00	Arch Linux Importer	Fixing	VCID-arkd-yxxn-jkcj	https://security.archlinux.org/AVG-1339	37.0.0
2025-07-31T11:37:53.778409+00:00	Arch Linux Importer	Fixing	VCID-cuqe-zr8z-cfc2	https://security.archlinux.org/AVG-1339	37.0.0
2025-07-31T11:37:53.749775+00:00	Arch Linux Importer	Fixing	VCID-5fh6-cp41-rubu	https://security.archlinux.org/AVG-1339	37.0.0
2025-07-31T11:37:53.722885+00:00	Arch Linux Importer	Fixing	VCID-cbe5-31jj-8yes	https://security.archlinux.org/AVG-1339	37.0.0
2025-07-31T11:37:53.695969+00:00	Arch Linux Importer	Fixing	VCID-6rtq-2r74-p3g9	https://security.archlinux.org/AVG-1339	37.0.0
2025-07-31T11:37:53.669017+00:00	Arch Linux Importer	Fixing	VCID-pxn7-8b33-2ydf	https://security.archlinux.org/AVG-1339	37.0.0
2025-07-31T11:37:53.639888+00:00	Arch Linux Importer	Fixing	VCID-4x37-bmwz-hbf8	https://security.archlinux.org/AVG-1339	37.0.0
2025-07-31T11:37:53.611146+00:00	Arch Linux Importer	Fixing	VCID-ggn3-ahvq-tqhg	https://security.archlinux.org/AVG-1339	37.0.0
2025-07-31T11:37:53.582069+00:00	Arch Linux Importer	Fixing	VCID-gx9w-2b5k-ayb3	https://security.archlinux.org/AVG-1339	37.0.0
2025-07-31T11:37:30.989371+00:00	Arch Linux Importer	Affected by	VCID-uqsw-phs9-9fh7	https://security.archlinux.org/AVG-1390	37.0.0
2025-07-31T11:37:30.963697+00:00	Arch Linux Importer	Affected by	VCID-898n-muvn-cyec	https://security.archlinux.org/AVG-1390	37.0.0
2025-07-31T11:37:30.936749+00:00	Arch Linux Importer	Affected by	VCID-ndnf-pt9s-gydr	https://security.archlinux.org/AVG-1390	37.0.0
2025-07-31T11:37:30.907452+00:00	Arch Linux Importer	Affected by	VCID-bfn9-bjca-s7ev	https://security.archlinux.org/AVG-1390	37.0.0