CVE-2024-56827 — Heap-based Buffer Overflow in Openjpeg Project Openjpeg2

CWE-122 — Heap-based Buffer Overflow9 documents7 sources

Severity

5.6MEDIUMNVD

EPSS

0.0%

top 88.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Openjpeg Project Openjpeg2

Timeline

PublishedJan 9

Latest updateJul 8

Description

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:HExploitability: 1.3 | Impact: 4.2

Affected Packages2 packages

▶Debianthe_openjpeg_project/openjpeg2< 2.4.0-3+deb11u1+3

▶Ubuntuthe_openjpeg_project/openjpeg2< 2.3.1-1ubuntu4.20.04.4+4

🔴Vulnerability Details

OSV

openjpeg2 vulnerabilities↗2025-01-22

▶

OSV

CVE-2024-56827: A flaw was found in the OpenJPEG project↗2025-01-09

▶

GHSA

GHSA-jq5v-29wx-7grq: A flaw was found in the OpenJPEG project↗2025-01-09

▶

CVEList

Openjpeg: heap buffer overflow in lib/openjp2/j2k.c↗2025-01-09

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerabilities↗2025-07-08

▶

Ubuntu

OpenJPEG vulnerabilities↗2025-01-22

▶

Red Hat

openjpeg: heap buffer overflow in lib/openjp2/j2k.c↗2024-12-24

▶

Debian

CVE-2024-56827: openjpeg2 - A flaw was found in the OpenJPEG project. A heap buffer overflow condition may b...↗2024

▶