Vulnerability details: VCID-fqag-ebfc-4bbb
Vulnerability ID VCID-fqag-ebfc-4bbb
Aliases CVE-2024-56827
Summary A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Weaknesses (1)
System Score Found at
cvssv3.1 5.6 https://access.redhat.com/errata/RHSA-2025:7309
ssvc Track https://access.redhat.com/errata/RHSA-2025:7309
cvssv3 5.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56827.json
cvssv3.1 5.6 https://access.redhat.com/security/cve/CVE-2024-56827
ssvc Track https://access.redhat.com/security/cve/CVE-2024-56827
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-56827
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-56827
cvssv3.1 5.6 https://bugzilla.redhat.com/show_bug.cgi?id=2335174
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2335174
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.6 https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
ssvc Track https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
cvssv3.1 5.6 https://github.com/uclouvain/openjpeg/issues/1564
ssvc Track https://github.com/uclouvain/openjpeg/issues/1564
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56827.json
https://access.redhat.com/security/cve/CVE-2024-56827
https://api.first.org/data/v1/epss?cve=CVE-2024-56827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56827
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
https://github.com/uclouvain/openjpeg/issues/1564
1092676 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092676
2335174 https://bugzilla.redhat.com/show_bug.cgi?id=2335174
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
CVE-2024-56827 https://nvd.nist.gov/vuln/detail/CVE-2024-56827
RHSA-2025:7309 https://access.redhat.com/errata/RHSA-2025:7309
USN-7223-1 https://usn.ubuntu.com/7223-1/
USN-7623-1 https://usn.ubuntu.com/7623-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:7309
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:38:58Z/ Found at https://access.redhat.com/errata/RHSA-2025:7309
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56827.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-56827
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:38:58Z/ Found at https://access.redhat.com/security/cve/CVE-2024-56827
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2335174
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:38:58Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2335174
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:38:58Z/ Found at https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/uclouvain/openjpeg/issues/1564
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:38:58Z/ Found at https://github.com/uclouvain/openjpeg/issues/1564
Exploit Prediction Scoring System (EPSS)
Percentile 0.1367
EPSS Score 0.00045
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:19:38.851289+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7223-1/ 36.1.3