Openjpeg
Integer overflow in OpenJPEG's opj_pi_initialise_encode function (versions 2.5.0-2.5.4) allows authenticated local attackers to trigger availability impact via crafted input to the pi.c library module. The vulnerability has a publicly available proof-of-concept and carries an EPSS score of 0.01% (2nd percentile), reflecting minimal real-world exploitation likelihood despite the presence of exploit code. Patch commit 839936aa33eb8899bbbd80fda02796bb65068951 is available from the vendor.
OpenJPEG v2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch is available.
OpenJPEG is an open-source JPEG 2000 codec. Rated medium severity (CVSS 6.6), this vulnerability requires no authentication and has low attack complexity. Public exploit code is available.