Vulnerability details: VCID-yhvk-n5vb-muas
Vulnerability ID VCID-yhvk-n5vb-muas
Aliases CVE-2024-56826
Summary A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Weaknesses (1)
System Score Found at
cvssv3.1 5.6 https://access.redhat.com/errata/RHSA-2025:7309
ssvc Track https://access.redhat.com/errata/RHSA-2025:7309
cvssv3 5.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56826.json
cvssv3.1 5.6 https://access.redhat.com/security/cve/CVE-2024-56826
ssvc Track https://access.redhat.com/security/cve/CVE-2024-56826
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-56826
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-56826
cvssv3.1 5.6 https://bugzilla.redhat.com/show_bug.cgi?id=2335172
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2335172
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.6 https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
ssvc Track https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
cvssv3.1 5.6 https://github.com/uclouvain/openjpeg/issues/1563
ssvc Track https://github.com/uclouvain/openjpeg/issues/1563
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56826.json
https://access.redhat.com/security/cve/CVE-2024-56826
https://api.first.org/data/v1/epss?cve=CVE-2024-56826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56826
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
https://github.com/uclouvain/openjpeg/issues/1563
1092675 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092675
2335172 https://bugzilla.redhat.com/show_bug.cgi?id=2335172
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
CVE-2024-56826 https://nvd.nist.gov/vuln/detail/CVE-2024-56826
RHSA-2025:7309 https://access.redhat.com/errata/RHSA-2025:7309
USN-7223-1 https://usn.ubuntu.com/7223-1/
USN-7623-1 https://usn.ubuntu.com/7623-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:7309
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:40:54Z/ Found at https://access.redhat.com/errata/RHSA-2025:7309
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56826.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-56826
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:40:54Z/ Found at https://access.redhat.com/security/cve/CVE-2024-56826
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2335172
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:40:54Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2335172
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:40:54Z/ Found at https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/uclouvain/openjpeg/issues/1563
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:40:54Z/ Found at https://github.com/uclouvain/openjpeg/issues/1563
Exploit Prediction Scoring System (EPSS)
Percentile 0.12076
EPSS Score 0.00042
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:19:38.839246+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7223-1/ 36.1.3