Untriaged
Permalink
CVE-2024-56826
5.6 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Openjpeg: heap buffer overflow in bin/common/color.c
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
References
- https://access.redhat.com/security/cve/CVE-2024-56826 x_refsource_REDHAT vdb-entry
- RHBZ#2335172 issue-tracking x_refsource_REDHAT
- https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346…
- https://github.com/uclouvain/openjpeg/issues/1563
- https://access.redhat.com/security/cve/CVE-2024-56826 x_refsource_REDHAT vdb-entry
- RHBZ#2335172 issue-tracking x_refsource_REDHAT
- https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346…
- https://github.com/uclouvain/openjpeg/issues/1563
- RHSA-2025:7309 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-56826 x_refsource_REDHAT vdb-entry
- RHBZ#2335172 issue-tracking x_refsource_REDHAT
- https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346…
- https://github.com/uclouvain/openjpeg/issues/1563
- RHSA-2025:7309 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-56826 x_refsource_REDHAT vdb-entry
- RHBZ#2335172 issue-tracking x_refsource_REDHAT
- https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346…
- https://github.com/uclouvain/openjpeg/issues/1563
- RHSA-2025:7309 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-56826 x_refsource_REDHAT vdb-entry
- RHBZ#2335172 issue-tracking x_refsource_REDHAT
- https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346…
- https://github.com/uclouvain/openjpeg/issues/1563
- RHSA-2025:7309 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-56826 x_refsource_REDHAT vdb-entry
- RHBZ#2335172 issue-tracking x_refsource_REDHAT
- https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346…
- https://github.com/uclouvain/openjpeg/issues/1563
- RHSA-2025:7309 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-56826 x_refsource_REDHAT vdb-entry
- RHBZ#2335172 issue-tracking x_refsource_REDHAT
- https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346…
- https://github.com/uclouvain/openjpeg/issues/1563
- https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html
- RHSA-2025:7309 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-56826 x_refsource_REDHAT vdb-entry
- RHBZ#2335172 issue-tracking x_refsource_REDHAT
- https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346…
- https://github.com/uclouvain/openjpeg/issues/1563
- https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html
Affected products
openjpeg
- *
openjpeg2
- *
gimp:flatpak/openjpeg2
Matching in nixpkgs
pkgs.openjpeg
Open-source JPEG 2000 codec written in C language
-
nixos-unstable -
- nixpkgs-unstable 2.5.2
pkgs.python312Packages.pylibjpeg-openjpeg
J2K and JP2 plugin for pylibjpeg
-
nixos-unstable -
- nixpkgs-unstable 2.5.0
pkgs.python313Packages.pylibjpeg-openjpeg
J2K and JP2 plugin for pylibjpeg
-
nixos-unstable -
- nixpkgs-unstable 2.5.0
Package maintainers
-
@codyopel Cody Opel <codyopel@gmail.com>
-
@bcdarwin Ben Darwin <bcdarwin@gmail.com>