CVE-2024-56826

MEDIUM EPSS 21.8%
Published Jan 9, 20251y ago · Modified Jun 17, 20261w ago
5.6 CVSS 3.1
Medium
Find Similar
Published Jan 9, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

CVSS Details

Base Score
5.6
Exploitability
1.3
Impact
4.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
21.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-122

References 6

  • access.redhat.com https://access.redhat.com/errata/RHSA-2025:7309
  • access.redhat.com https://access.redhat.com/security/cve/CVE-2024-56826
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2335172
  • github.com https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
  • github.com https://github.com/uclouvain/openjpeg/issues/1563
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.