VDB
CVE-2026-6192
CVE-2026-6192
PUBLISHED
CVSS 4.800000190734863 MEDIUM
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.
EPSS 0.02% · 4.2th percentile
Risk Scores
CVSS v4.0
4.800000190734863
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
EPSS Score
0.02%
4.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| uclouvain | openjpeg | 2.5.0, 2.5.1, 2.5.2 |
Timeline
- Apr 13, 2026 CVE Published
- Apr 13, 2026 CVE Updated
- Apr 13, 2026 Security Advisory
- Apr 14, 2026 EPSS Score
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- VDB-357114 | uclouvain openjpeg pi.c opj_pi_initialise_encode integer overflow vdb
- VDB-357114 | CTI Indicators (IOB, IOC, IOA) url
- Submit #797385 | uclouvain openjpeg 2.5.4 Integer Overflow third-party-advisory
- https://github.com/uclouvain/openjpeg/issues/1619 exploit
- https://github.com/uclouvain/openjpeg/pull/1628 issue
- https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb65068951 patch
- https://github.com/uclouvain/openjpeg/ url
- https://nvd.nist.gov/vuln/detail/CVE-2026-6192 advisory
- https://github.com/uclouvain/openjpeg url