CVE-2024-56826

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

References

Affected packages

Debian:11 / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/debian/openjpeg2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-3+deb11u1

Affected versions

2.*

2.4.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/debian/openjpeg2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-2+deb12u1

Affected versions

2.*

2.5.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/debian/openjpeg2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.3-1

Affected versions

2.*

2.5.0-2

2.5.3-1~exp1

2.5.3-1~exp2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/uclouvain/openjpeg

Affected ranges

Type: GIT
Repo: https://github.com/uclouvain/openjpeg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e492644fbded4c820ca55b5e50e598d346e850e8

Affected versions

v2.*

v2.2.0

v2.3.0

v2.3.1

v2.4.0

v2.5.0

v2.5.1

v2.5.2