CVE-2024-56827
published 2025-01-09CVE-2024-56827: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress…
medium5.6CVSS 3.1
AVLACLPRLUIRSUCLINAH
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | >= 0 < 9.55.0~dfsg1-0ubuntu5.12 | 9.55.0~dfsg1-0ubuntu5.12 |
| artifex | ghostscript | >= 0 < 10.02.1~dfsg1-0ubuntu7.7 | 10.02.1~dfsg1-0ubuntu7.7 |
| artifex | ghostscript | >= 0 < 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 | 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 |
| artifex | ghostscript | >= 0 < 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 | 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 |
| artifex | ghostscript | >= 0 < 9.50~dfsg-5ubuntu4.15+esm1 | 9.50~dfsg-5ubuntu4.15+esm1 |
| debian | openjpeg2 | < openjpeg2 2.5.0-2+deb12u1 (bookworm) | openjpeg2 2.5.0-2+deb12u1 (bookworm) |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.4.0-3+deb11u1 | 2.4.0-3+deb11u1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.5.0-2+deb12u1 | 2.5.0-2+deb12u1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.5.3-1 | 2.5.3-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.5.3-1 | 2.5.3-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.3.1-1ubuntu4.20.04.4 | 2.3.1-1ubuntu4.20.04.4 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.4.0-6ubuntu0.3 | 2.4.0-6ubuntu0.3 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.5.0-2ubuntu0.3 | 2.5.0-2ubuntu0.3 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.1.2-1.1+deb9u6ubuntu0.1~esm7 | 2.1.2-1.1+deb9u6ubuntu0.1~esm7 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.3.0-2+deb10u2ubuntu0.1~esm4 | 2.3.0-2+deb10u2ubuntu0.1~esm4 |
CVSS provenance
nvdv3.15.6MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
osv5.6MEDIUM