CVE-2025-54874

Опубликовано: 05 авг. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.

Ссылки

https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d
Patch
https://github.com/uclouvain/openjpeg/pull/1573
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*

Версия до 2.5.3 (включая)

EPSS

Процентиль: 17%

0.00053

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-457

Связанные уязвимости

CVE-2025-54874

CVSS3: 9.8

ubuntu

3 месяца назад

CVE-2025-54874

CVSS3: 8

redhat

3 месяца назад

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.

CVE-2025-54874

CVSS3: 9.8

debian

3 месяца назад

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 thr ...

RLSA-2025:13944

rocky

около 1 месяца назад

Important: openjpeg2 security update

ELSA-2025-13944

oracle-oval

3 месяца назад

ELSA-2025-13944: openjpeg2 security update (IMPORTANT)

EPSS

Процентиль: 17%

0.00053

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-457