INFSA-2025:7309: openjpeg2 security update
Information about definition
Identificator: INFSA-2025:7309
Type: security
Release date: 2025-06-10 11:40:01 UTC
Information about package
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.
Vulnerabilities description
- CVE-2024-56826
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
- CVE-2024-56827
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-56826
|
no information | 5.6 | no information |
|
NIST — CVE-2024-56827
|
no information | 5.6 | no information |
Updated packages