CVE-2024-56826

EUVD-2024-53437
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Debian logo
Debian Releases
Debian Product
Codename
openjpeg2
bookworm
2.5.0-2+deb12u2
fixed
bookworm (security)
2.5.0-2+deb12u1
fixed
bullseye
vulnerable
bullseye (security)
2.4.0-3+deb11u2
fixed
forky
2.5.3-2.1
fixed
sid
2.5.3-2.1
fixed
trixie
2.5.3-2.1~deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjpeg2
bionic
Fixed 2.3.0-2+deb10u2ubuntu0.1~esm4
released
focal
Fixed 2.3.1-1ubuntu4.20.04.4
released
jammy
Fixed 2.4.0-6ubuntu0.3
released
noble
Fixed 2.5.0-2ubuntu0.3
released
oracular
Fixed 2.5.0-2ubuntu1.2
released
plucky
Fixed 2.5.0-2ubuntu3
released
questing
Fixed 2.5.0-2ubuntu3
released
xenial
Fixed 2.1.2-1.1+deb9u6ubuntu0.1~esm7
released
insighttoolkit4
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
needs-triage
qtwebengine-opensource-src
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
blender
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
texmaker
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
ghostscript
bionic
Fixed 9.26~dfsg+0-0ubuntu0.18.04.18+esm4
released
focal
not-affected
jammy
not-affected
noble
not-affected
oracular
not-affected
plucky
not-affected
questing
not-affected
xenial
Fixed 9.26~dfsg+0-0ubuntu0.16.04.14+esm9
released
openjpeg
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libopenjp2-7
suse enterprise desktop 15 SP6
2.3.0-150000.3.18.1
fixed
suse enterprise desktop 15 SP7
2.3.0-150000.3.18.1
fixed
suse enterprise sap 15 SP6
2.3.0-150000.3.18.1
fixed
suse enterprise sap 15 SP7
2.3.0-150000.3.18.1
fixed
suse enterprise server 15 SP4
2.3.0-150000.3.18.1
fixed
suse enterprise server 15 SP6
2.3.0-150000.3.18.1
fixed
suse enterprise server 15 SP7
2.3.0-150000.3.18.1
fixed
openjpeg2
suse enterprise desktop 15 SP6
2.3.0-150000.3.18.1
fixed
suse enterprise desktop 15 SP7
2.3.0-150000.3.18.1
fixed
suse enterprise sap 15 SP6
2.3.0-150000.3.18.1
fixed
suse enterprise sap 15 SP7
2.3.0-150000.3.18.1
fixed
suse enterprise server 15 SP4
2.3.0-150000.3.18.1
fixed
suse enterprise server 15 SP6
2.3.0-150000.3.18.1
fixed
suse enterprise server 15 SP7
2.3.0-150000.3.18.1
fixed
openjpeg2-devel
suse enterprise desktop 15 SP6
2.3.0-150000.3.18.1
fixed
suse enterprise desktop 15 SP7
2.3.0-150000.3.18.1
fixed
suse enterprise sap 15 SP6
2.3.0-150000.3.18.1
fixed
suse enterprise sap 15 SP7
2.3.0-150000.3.18.1
fixed
suse enterprise server 15 SP4
2.3.0-150000.3.18.1
fixed
suse enterprise server 15 SP6
2.3.0-150000.3.18.1
fixed
suse enterprise server 15 SP7
2.3.0-150000.3.18.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
openjpeg2
RHEL 9
0:2.4.0-8.el9
fixed
openjpeg2-devel
RHEL 9
0:2.4.0-8.el9
fixed
openjpeg2-tools
RHEL 9
0:2.4.0-8.el9
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:7309
https://access.redhat.com/security/cve/CVE-2024-56826
https://bugzilla.redhat.com/show_bug.cgi?id=2335172
https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
https://github.com/uclouvain/openjpeg/issues/1563
https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html