Описание
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| openjpeg2 | fixed | 2.5.3-2.1 | package | |
| openjpeg2 | no-dsa | trixie | package | |
| openjpeg2 | not-affected | bookworm | package | |
| openjpeg2 | not-affected | bullseye | package |
Примечания
https://github.com/uclouvain/openjpeg/pull/1573
Introduced with: https://github.com/uclouvain/openjpeg/commit/0f528e95788863608aa1772f5370659edf618793 (v2.5.1)
Fixed by: https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d (master)
https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/
EPSS
Связанные уязвимости
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
EPSS