CVE-2025-54874
Published: May 8, 2025
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
CRITICAL
CVSS v3: 9.8
CVSS v3: 9.8
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | openjpeg (2.5.3) | Needs Triage | ||
| 25.3 | openjpeg (2.5.3) | Resolved | Code Not Present | Patched applied from https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d |
| 25.2 | openjpeg (2.5.3) | Needs Triage | ||
| 25.1.1 | openjpeg (2.5.3) | Needs Triage | ||
| 25.1 | openjpeg (2.5.0) | Needs Triage | ||
| 24.4 | openjpeg (2.5.0) | Needs Triage | ||
| 24.4.0 | openjpeg (2.5.0) | Needs Triage | ||
| 24.3 | openjpeg (2.5.0) | Needs Triage | ||
| 24.2.1 | openjpeg (2.5.0) | Needs Triage | ||
| 24.2 | openjpeg (2.5.0) | Needs Triage | ||
| 24.1 | openjpeg (2.5.0) | Needs Triage | ||
| 23.3 | openjpeg (2.5.0) | Needs Triage | ||
| 23.2.1 | openjpeg (2.4.0) | Needs Triage | ||
| 23.2 | openjpeg (2.4.0) | Needs Triage | ||
| 23.1 | openjpeg (2.4.0) | Needs Triage | ||
| 22.4 | openjpeg (2.4.0) | Needs Triage | ||
| 22.3 | openjpeg (2.4.0) | Needs Triage | ||
| 22.2 | openjpeg (2.4.0) | Needs Triage | ||
| 22.1 | openjpeg (2.4.0) | Needs Triage | ||
| 21.11.1 | openjpeg (2.4.0) | Needs Triage | ||
| 21.11 | openjpeg (2.4.0) | Needs Triage | ||
| 21.8.1 | openjpeg (2.4.0) | Needs Triage | ||
| 21.8 | openjpeg (2.4.0) | Needs Triage | ||
| 21.5.1 | openjpeg (2.4.0) | Needs Triage | ||
| 21.5.0 | openjpeg (2.4.0) | Needs Triage | ||
| 21.2.0 | openjpeg (2.4.0) | Needs Triage | ||
| 11.4.20 | openjpeg (2.3.1) | Needs Triage | ||
| 11.4.19.3667 | openjpeg (2.3.1) | Needs Triage | ||
| 11.4.18.3599 | openjpeg (2.3.1) | Needs Triage | ||
| 11.4.17 | openjpeg (2.3.1) | Needs Triage | ||
| 11.4.16.3445 | openjpeg (2.3.1) | Needs Triage | ||
| 11.4.15.3368 | openjpeg (2.3.1) | Needs Triage | ||
| 11.4.14.3263 | openjpeg (2.3.0) | Needs Triage | ||
| 11.4.13.3179 | openjpeg (2.3.0) | Needs Triage | ||
| 11.4.12.3054 | openjpeg (2.3.0) | Needs Triage | ||
| 11.4.11.3040 | openjpeg (2.3.0) | Needs Triage | ||
| 11.4.11.2990 | openjpeg (2.3.0) | Needs Triage | ||
| 11.4.10.2934 | openjpeg (2.3.0) | Needs Triage | ||
| 11.4.9.2878 | openjpeg (2.3.0) | Needs Triage |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version
3.1