Heap Buffer Overflow in OpenJPEG Project Affecting Multiple Applications
CVE-2024-56827
5.6 MEDIUM
Summary
A vulnerability exists in the OpenJPEG project, where a heap buffer overflow may occur when specific parameters are utilized within the opj_decompress utility. This flaw can lead to application crashes or unpredictable behavior, compromising software reliability and security. Users are encouraged to review their OpenJPEG implementations and apply necessary mitigations to safeguard against potential exploitation.
CVSS V3.1
Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database
Mitre Database
Credit
Red Hat would like to thank Frank Zeng (Huazhong University of Science and Technology) for reporting this issue.