VDB

ALPINE-CVE-2021-3575

ALPINE-CVE-2021-3575 PUBLISHED CVSS 7.800000190734863 HIGH

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

Risk Scores

CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.22openjpeg2.4.0-r4, 0, 1.3-r0
Alpine:v3.20openjpeg2.4.0-r4, 0, 1.3-r0
Alpine:v3.21openjpeg2.4.0-r4, 2.4.0-r3, 2.4.0-r2
Alpine:v3.16openjpeg0, 2.4.0-r4, 2.4.0-r3
Alpine:v3.23openjpeg0, 1.3-r0, 1.3-r1
Alpine:v3.19openjpeg2.4.0-r4, 2.4.0-r3, 2.4.0-r2
Alpine:v3.18openjpeg2.4.0-r4, 1.3-r0, 1.3-r1
Alpine:v3.17openjpeg2.4.0-r4, 2.4.0-r3, 2.4.0-r2

Timeline

  • Mar 4, 2022 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›