OpenJPEG NULL Pointer Dereference Vulnerability in DWT Component

Vulnerability

A NULL pointer dereference has been identified in OpenJPEG 2.5.0 and earlier. The defect is in the discrete wavelet transform (DWT) component of the libopenjp2 library, specifically in the file 'dwt.c'.

Impact

A crafted JPEG 2000 input that reaches the faulty code path makes the decoder dereference a NULL pointer and crash, resulting in a denial of service. Any application that links libopenjp2 and decodes untrusted input is exposed; the effect is limited to the crash of the decoding process.

Reproduction

The issue can be reproduced by building OpenJPEG from source with Clang and the Undefined Behavior Sanitizer (-fsanitize=undefined). After building and installing, run the 'opj_decompress' tool on a crafted input file; the sanitizer reports the NULL pointer dereference in 'dwt.c' at the point where an unsanitized build would simply crash.
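The build-and-run procedure above, written out as an added example (not the advisory's or the OpenJPEG project's own script). It assumes a source checkout in $OPENJPEG_SRC, a crafted input file in $CRAFTED, and cmake plus clang on PATH; the function names, the build directory layout and the sample sanitizer line used for triage are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example: build OpenJPEG with Clang + UBSan, run opj_decompress on a
# crafted file, and triage the sanitizer output. Nothing builds or runs until
# the guarded block at the bottom is reached with OPENJPEG_SRC and CRAFTED set.

# Configure, build and install an OpenJPEG checkout with UBSan enabled.
# -fno-sanitize-recover makes the first report fatal so the crash is not masked.
build_ubsan() {
    src="$1"
    build="$2"
    cmake -S "$src" -B "$build" \
        -DCMAKE_C_COMPILER=clang \
        -DCMAKE_BUILD_TYPE=Debug \
        -DCMAKE_C_FLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fno-omit-frame-pointer" \
        -DCMAKE_INSTALL_PREFIX="$build/prefix"
    cmake --build "$build" --target install
}

# Decode one input with the instrumented tool, capturing stderr (where UBSan
# writes its report) to a log file. A non-zero exit is expected on a hit.
run_sample() {
    prefix="$1"
    input="$2"
    log="$3"
    UBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1 \
        "$prefix/bin/opj_decompress" -i "$input" -o "${input%.*}.pgm" 2>"$log"
}

# Triage: does the captured log contain a UBSan null-pointer report attributed
# to dwt.c? UBSan reports look like "<file>:<line>:<col>: runtime error: ...".
is_dwt_null_deref() {
    grep -q 'dwt\.c:[0-9]*:[0-9]*: runtime error: .*null pointer' "$1"
}

# Constructed sample line (assumed format, not a real OpenJPEG report) showing
# what is_dwt_null_deref looks for; line and column numbers are placeholders.
SAMPLE_UBSAN_LINE="src/lib/openjp2/dwt.c:100:10: runtime error: load of null pointer of type 'OPJ_INT32'"

# Only runs when the caller has pointed us at a checkout and a crafted file.
if [ -n "${OPENJPEG_SRC:-}" ] && [ -n "${CRAFTED:-}" ]; then
    BUILD_DIR="${BUILD_DIR:-$PWD/openjpeg-ubsan}"
    build_ubsan "$OPENJPEG_SRC" "$BUILD_DIR"
    run_sample "$BUILD_DIR/prefix" "$CRAFTED" "$BUILD_DIR/ubsan.log" || true
    if is_dwt_null_deref "$BUILD_DIR/ubsan.log"; then
        echo "UBSan reported a NULL pointer dereference in dwt.c"
    else
        echo "no dwt.c null-pointer report found; see $BUILD_DIR/ubsan.log"
    fi
fi
```

Keep the instrumented prefix separate from any system-wide OpenJPEG so the sanitized libopenjp2 is the one opj_decompress actually loads; if a distribution copy is on the library path first, the report will not appear.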

Remediation

Upgrade to OpenJPEG 2.5.1 or later, where this issue is fixed. Because the defect is in the library, applications that bundle or statically link libopenjp2 must be rebuilt against the fixed version; updating the opj_* command-line tools alone is not sufficient.

Added: Aug 7, 2025, 3:17 PM
Updated: Aug 7, 2025, 3:17 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.