CVE-2024-56827

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
redhatCNA
5.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Debian logo
Debian Releases
Debian Product
Codename
openjpeg2
bullseye
vulnerable
bullseye (security)
2.4.0-3+deb11u1
fixed
bookworm
2.5.0-2+deb12u1
fixed
bookworm (security)
2.5.0-2+deb12u1
fixed
sid
2.5.3-2
fixed
trixie
2.5.3-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
blender
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
ghostscript
plucky
not-affected
oracular
not-affected
noble
not-affected
jammy
not-affected
focal
not-affected
bionic
needs-triage
xenial
needs-triage
insighttoolkit4
plucky
dne
oracular
dne
noble
dne
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
openjpeg
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
xenial
not-affected
trusty
not-affected
openjpeg2
plucky
Fixed 2.5.0-2ubuntu3
released
oracular
Fixed 2.5.0-2ubuntu1.2
released
noble
Fixed 2.5.0-2ubuntu0.3
released
jammy
Fixed 2.4.0-6ubuntu0.3
released
focal
Fixed 2.3.1-1ubuntu4.20.04.4
released
bionic
Fixed 2.3.0-2+deb10u2ubuntu0.1~esm4
released
xenial
Fixed 2.1.2-1.1+deb9u6ubuntu0.1~esm7
released
qtwebengine-opensource-src
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
texmaker
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:7309
https://access.redhat.com/security/cve/CVE-2024-56827
https://bugzilla.redhat.com/show_bug.cgi?id=2335174
https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
https://github.com/uclouvain/openjpeg/issues/1564