
Description

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

PUBLISHED Reserved 2025-01-01 | Published 2025-01-09 | Updated 2025-11-06 | Assigner redhat




MEDIUM: 5.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H

Problem types

Heap-based Buffer Overflow

Product status

Default status
unknown

2.5.3 (semver) before *
unaffected

Default status
affected

0:2.4.0-8.el9 (rpm) before *
unaffected

Default status
unaffected

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unknown

Timeline

2025-01-01: Reported to Red Hat.
2024-12-24: Made public.

Credits

Red Hat would like to thank Frank Zeng (Huazhong University of Science and Technology) for reporting this issue.

References

lists.debian.org/debian-lts-announce/2025/04/msg00002.html

access.redhat.com/errata/RHSA-2025:7309 (RHSA-2025:7309) vendor-advisory

access.redhat.com/security/cve/CVE-2024-56827 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2335174 (RHBZ#2335174) issue-tracking

github.com/...ommit/e492644fbded4c820ca55b5e50e598d346e850e8

github.com/uclouvain/openjpeg/issues/1564

cve.org (CVE-2024-56827)

nvd.nist.gov (CVE-2024-56827)
