Vulnerability details: VCID-zesv-73ju-z3d3
Vulnerability ID VCID-zesv-73ju-z3d3
Aliases CVE-2024-56826
Summary A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
System Score Found at
cvssv3.1 5.6 https://access.redhat.com/errata/RHSA-2025:7309
ssvc Track https://access.redhat.com/errata/RHSA-2025:7309
cvssv3 5.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56826.json
cvssv3.1 5.6 https://access.redhat.com/security/cve/CVE-2024-56826
ssvc Track https://access.redhat.com/security/cve/CVE-2024-56826
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-56826
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2024-56826
cvssv3.1 5.6 https://bugzilla.redhat.com/show_bug.cgi?id=2335172
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2335172
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.6 https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
ssvc Track https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
cvssv3.1 5.6 https://github.com/uclouvain/openjpeg/issues/1563
ssvc Track https://github.com/uclouvain/openjpeg/issues/1563
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56826.json
https://api.first.org/data/v1/epss?cve=CVE-2024-56826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56826
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1092675 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092675
1563 https://github.com/uclouvain/openjpeg/issues/1563
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
CVE-2024-56826 https://access.redhat.com/security/cve/CVE-2024-56826
CVE-2024-56826 https://nvd.nist.gov/vuln/detail/CVE-2024-56826
e492644fbded4c820ca55b5e50e598d346e850e8 https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
RHSA-2025:7309 https://access.redhat.com/errata/RHSA-2025:7309
show_bug.cgi?id=2335172 https://bugzilla.redhat.com/show_bug.cgi?id=2335172
USN-7223-1 https://usn.ubuntu.com/7223-1/
USN-7623-1 https://usn.ubuntu.com/7623-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:7309
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:40:54Z/ Found at https://access.redhat.com/errata/RHSA-2025:7309
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56826.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-56826
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:40:54Z/ Found at https://access.redhat.com/security/cve/CVE-2024-56826
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2335172
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:40:54Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2335172
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:40:54Z/ Found at https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/uclouvain/openjpeg/issues/1563
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:40:54Z/ Found at https://github.com/uclouvain/openjpeg/issues/1563
Exploit Prediction Scoring System (EPSS)
Percentile 0.11772
EPSS Score 0.00042
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:48:42.651194+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7223-1/ 37.0.0