Search CVE reports

1 – 10 of 79 results

Detailed view

Sort by:

CVE-2025-54874

Medium priority

Needs evaluation

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.

7 affected packages

openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, texmaker...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Needs evaluation
openjpeg	Not in release	Not in release	—	—

CVE-2025-50952

Medium priority

Needs evaluation

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.

7 affected packages

openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, texmaker...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Needs evaluation
openjpeg	Not in release	Not in release	—	—

CVE-2024-56827

Medium priority

Some fixes available 9 of 33

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

7 affected packages

openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, texmaker...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	Fixed	Fixed	Fixed	Fixed
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Fixed
openjpeg	Not in release	Not in release	Not in release	—

CVE-2024-56826

Medium priority

Some fixes available 9 of 33

7 affected packages

openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, texmaker...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	Fixed	Fixed	Fixed	Fixed
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Fixed
openjpeg	Not in release	Not in release	Not in release	—

CVE-2023-39329

Medium priority

Vulnerable

A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.

7 affected packages

openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, texmaker...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	Vulnerable	Vulnerable	Vulnerable	Vulnerable
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	—

CVE-2023-39328

Medium priority

Vulnerable

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.

7 affected packages

openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, texmaker...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	Vulnerable	Vulnerable	Vulnerable	Vulnerable
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	—

CVE-2023-39327

Medium priority

Some fixes available 9 of 39

A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

7 affected packages

insighttoolkit4, qtwebengine-opensource-src, blender, texmaker, ghostscript...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Fixed
openjpeg	Not in release	Not in release	Not in release	—
openjpeg2	Fixed	Fixed	Fixed	Fixed

CVE-2022-1122

Low priority

Some fixes available 4 of 46

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls...

7 affected packages

insighttoolkit4, openjpeg2, ghostscript, blender, openjpeg...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg2	Not affected	Fixed	Fixed	Fixed
ghostscript	Not affected	Not affected	Not affected	Not affected
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-3575

Low priority

Some fixes available 7 of 60

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled...

7 affected packages

openjpeg2, blender, ghostscript, insighttoolkit4, openjpeg...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openjpeg2	Fixed	Fixed	Fixed	Fixed
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-29338

Low priority

Some fixes available 4 of 56

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option ”-ImgDir” on a directory that contains 1048576 files.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
blender	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Vulnerable	Vulnerable	Vulnerable
openjpeg	Not in release	Not in release	Not in release	Not in release
openjpeg2	Not affected	Fixed	Fixed	Fixed
qtwebengine-opensource-src	Vulnerable	Vulnerable	Vulnerable	Vulnerable
texmaker	Vulnerable	Vulnerable	Vulnerable	Vulnerable

Export to JSON

Results by page: