CVE-2025-54874

Name: CVE-2025-54874
Description: OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to an out-of-bounds (OOB) heap memory write when the data stream p_stream is too short and p_image is not initialized.
NVD Severity: unknown

References

Type URI
CONFIRM https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d
MISC https://github.com/uclouvain/openjpeg/pull/1573
MISC https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV

Match rules

CPE URI Source package Min version Max version
- openjpeg >= 0 <= 2.5.3
cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:* openjpeg >= None <= 2.5.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
qt6-qtwebengine edge-community 6.9.2-r1 Bart Ribbers <bribbers@disroot.org> fixed
openjpeg edge-main 2.5.3-r1 Francesco Colista <fcolista@alpinelinux.org> fixed
openjpeg edge-main 2.5.3-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg edge-main 2.5.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg edge-main 2.5.0-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg edge-main 2.4.0-r4 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg edge-main 2.4.0-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg edge-main 2.4.0-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg edge-main 2.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg edge-main 2.4.0-r0 None possibly vulnerable
openjpeg edge-main 2.3.1-r6 None possibly vulnerable
openjpeg edge-main 2.3.1-r5 None possibly vulnerable
openjpeg edge-main 2.3.1-r3 None possibly vulnerable
openjpeg edge-main 2.3.0-r3 None possibly vulnerable
openjpeg edge-main 2.3.0-r2 None possibly vulnerable
openjpeg edge-main 2.3.0-r1 None possibly vulnerable
openjpeg edge-main 2.3.0-r0 None possibly vulnerable
openjpeg edge-main 2.2.0-r2 None possibly vulnerable
openjpeg edge-main 2.2.0-r1 None possibly vulnerable
openjpeg edge-main 2.1.2-r1 None possibly vulnerable
openjpeg 3.22-main 2.5.3-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg 3.22-main 2.5.0-r0 None possibly vulnerable
openjpeg 3.22-main 2.4.0-r1 None possibly vulnerable
openjpeg 3.22-main 2.4.0-r0 None possibly vulnerable
openjpeg 3.22-main 2.3.1-r6 None possibly vulnerable
openjpeg 3.22-main 2.3.1-r5 None possibly vulnerable
openjpeg 3.22-main 2.3.1-r3 None possibly vulnerable
openjpeg 3.22-main 2.3.0-r3 None possibly vulnerable
openjpeg 3.22-main 2.3.0-r2 None possibly vulnerable
openjpeg 3.22-main 2.3.0-r1 None possibly vulnerable
openjpeg 3.22-main 2.3.0-r0 None possibly vulnerable
openjpeg 3.22-main 2.2.0-r2 None possibly vulnerable
openjpeg 3.22-main 2.2.0-r1 None possibly vulnerable
openjpeg 3.22-main 2.1.2-r1 None possibly vulnerable
openjpeg 3.21-main 2.5.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg 3.21-main 2.5.0-r0 None possibly vulnerable
openjpeg 3.21-main 2.4.0-r1 None possibly vulnerable
openjpeg 3.21-main 2.4.0-r0 None possibly vulnerable
openjpeg 3.21-main 2.3.1-r6 None possibly vulnerable
openjpeg 3.21-main 2.3.1-r5 None possibly vulnerable
openjpeg 3.21-main 2.3.1-r3 None possibly vulnerable
openjpeg 3.21-main 2.3.0-r3 None possibly vulnerable
openjpeg 3.21-main 2.3.0-r2 None possibly vulnerable
openjpeg 3.21-main 2.3.0-r1 None possibly vulnerable
openjpeg 3.21-main 2.3.0-r0 None possibly vulnerable
openjpeg 3.21-main 2.2.0-r2 None possibly vulnerable
openjpeg 3.21-main 2.2.0-r1 None possibly vulnerable
openjpeg 3.21-main 2.1.2-r1 None possibly vulnerable
openjpeg 3.20-main 2.5.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg 3.20-main 2.5.0-r0 None possibly vulnerable
openjpeg 3.20-main 2.4.0-r1 None possibly vulnerable
openjpeg 3.20-main 2.4.0-r0 None possibly vulnerable
openjpeg 3.20-main 2.3.1-r6 None possibly vulnerable
openjpeg 3.20-main 2.3.1-r5 None possibly vulnerable
openjpeg 3.20-main 2.3.1-r3 None possibly vulnerable
openjpeg 3.20-main 2.3.0-r3 None possibly vulnerable
openjpeg 3.20-main 2.3.0-r2 None possibly vulnerable
openjpeg 3.20-main 2.3.0-r1 None possibly vulnerable
openjpeg 3.20-main 2.3.0-r0 None possibly vulnerable
openjpeg 3.20-main 2.2.0-r2 None possibly vulnerable
openjpeg 3.20-main 2.2.0-r1 None possibly vulnerable
openjpeg 3.20-main 2.1.2-r1 None possibly vulnerable
openjpeg 3.19-main 2.5.0-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
openjpeg 3.19-main 2.5.0-r0 None possibly vulnerable
openjpeg 3.19-main 2.4.0-r1 None possibly vulnerable
openjpeg 3.19-main 2.4.0-r0 None possibly vulnerable
openjpeg 3.19-main 2.3.1-r6 None possibly vulnerable
openjpeg 3.19-main 2.3.1-r5 None possibly vulnerable
openjpeg 3.19-main 2.3.1-r3 None possibly vulnerable
openjpeg 3.19-main 2.3.0-r3 None possibly vulnerable
openjpeg 3.19-main 2.3.0-r2 None possibly vulnerable
openjpeg 3.19-main 2.3.0-r1 None possibly vulnerable
openjpeg 3.19-main 2.3.0-r0 None possibly vulnerable
openjpeg 3.19-main 2.2.0-r2 None possibly vulnerable
openjpeg 3.19-main 2.2.0-r1 None possibly vulnerable
openjpeg 3.19-main 2.1.2-r1 None possibly vulnerable