Primary

Context

OpenJPEG Heap Buffer Overflow Vulnerability in opj_decompress Utility

Vulnerability

A heap buffer overflow vulnerability has been identified in the OpenJPEG project, specifically in version 2.5.2 of the opj_decompress utility. This vulnerability can be triggered by using the -t option with an argument of 1, leading to a heap buffer overflow that causes a crash or other undefined behavior.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can lead to an application crash or potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by compiling OpenJPEG with AddressSanitizer enabled, using Clang as the compiler. After compiling the application, the opj_decompress utility can be run with the -t option set to 1, which triggers the heap buffer overflow.

Remediation

Users can update to OpenJPEG version 2.5.3, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenJPEG Heap Buffer Overflow Vulnerability in opj_decompress Utility

Vulnerability

Impact

Reproduction

Remediation

Affected Products

OpenJPEG

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating