Vulnerability details: VCID-apz4-uf57-zbbn
Vulnerability ID VCID-apz4-uf57-zbbn
Aliases CVE-2024-56827
Summary A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
System Score Found at
cvssv3.1 5.6 https://access.redhat.com/errata/RHSA-2025:7309
ssvc Track https://access.redhat.com/errata/RHSA-2025:7309
cvssv3 5.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56827.json
cvssv3.1 5.6 https://access.redhat.com/security/cve/CVE-2024-56827
ssvc Track https://access.redhat.com/security/cve/CVE-2024-56827
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-56827
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-56827
cvssv3.1 5.6 https://bugzilla.redhat.com/show_bug.cgi?id=2335174
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2335174
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.6 https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
ssvc Track https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
cvssv3.1 5.6 https://github.com/uclouvain/openjpeg/issues/1564
ssvc Track https://github.com/uclouvain/openjpeg/issues/1564
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56827.json
https://api.first.org/data/v1/epss?cve=CVE-2024-56827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56827
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1092676 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092676
1564 https://github.com/uclouvain/openjpeg/issues/1564
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
CVE-2024-56827 https://access.redhat.com/security/cve/CVE-2024-56827
CVE-2024-56827 https://nvd.nist.gov/vuln/detail/CVE-2024-56827
e492644fbded4c820ca55b5e50e598d346e850e8 https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
RHSA-2025:7309 https://access.redhat.com/errata/RHSA-2025:7309
show_bug.cgi?id=2335174 https://bugzilla.redhat.com/show_bug.cgi?id=2335174
USN-7223-1 https://usn.ubuntu.com/7223-1/
USN-7623-1 https://usn.ubuntu.com/7623-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:7309
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:38:58Z/ Found at https://access.redhat.com/errata/RHSA-2025:7309
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56827.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-56827
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:38:58Z/ Found at https://access.redhat.com/security/cve/CVE-2024-56827
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2335174
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:38:58Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2335174
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:38:58Z/ Found at https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/uclouvain/openjpeg/issues/1564
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:38:58Z/ Found at https://github.com/uclouvain/openjpeg/issues/1564
Exploit Prediction Scoring System (EPSS)
Percentile 0.13469
EPSS Score 0.00045
Published At Aug. 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:48:42.668492+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7223-1/ 37.0.0