NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
NULL Pointer Dereference
Improper Restriction of Operations within the Bounds of a Memory Buffer
-
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/openjpeg2 | deb | debian | 12 | >=2.5.0-2 | Not yet available |
debian/openjpeg2 | deb | debian | 11 | >=2.4.0-3 | Not yet available |
debian/openjpeg2 | deb | debian | unstable | >=2.5.0-2 | Not yet available |
debian/openjpeg2 | deb | debian | 13 | >=2.5.0-2 | Not yet available |
debian/openjpeg2 | deb | debian | 10 | >=2.3.0-2+deb10u2 | Not yet available |
Severity and metrics
No CVSS data available from this source.
2.8
2.8
1.8
2.8