Heap Buffer Overflow in OpenJPEG Affects Multiple Releases
CVE-2024-56826
5.6 MEDIUM
Summary
A heap buffer overflow vulnerability has been identified within the OpenJPEG project. This flaw arises when using specific options with the opj_decompress utility. Exploitation of this vulnerability may lead to application crashes or unexpected behavior, posing potential risks to data integrity and system stability. Users are advised to evaluate their use of affected OpenJPEG versions and implement necessary updates.
References
CVSS V3.1
Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database
Mitre Database
Credit
Red Hat would like to thank Frank Zeng (Huazhong University of Science and Technology) for reporting this issue.