CVE-2024-56826
Advisory lineage Upstream: 0 Downstream: 11
Deferred
Published: 09 Jan 2025, 03:40
Last modified: 06 Nov 2025, 22:33
Vulnerability Summary
- Overall Risk (default): low, 22/100
- CVSS Score: 5.6 MEDIUM, v3.1 (cve.org)
- EPSS Score: 0.04% LOW; 0% probability -0.02%
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 09 Jan 2025, 03:40: Published. Vulnerability first disclosed
- 06 Nov 2025, 22:33: Last Modified. Vulnerability information updated
Description
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
CVSS Metrics
- v3.1 • MEDIUM • Score: 5.6 • CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
EPSS Trends
Current EPSS score: 0.04% • Percentile: 14%
Techniques & Countermeasures
- CWE-122 • Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
References (6)
- https://access.redhat.com/errata/RHSA-2025:7309
- https://access.redhat.com/security/cve/CVE-2024-56826
- https://bugzilla.redhat.com/show_bug.cgi?id=2335172
- https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
- https://github.com/uclouvain/openjpeg/issues/1563
- https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html