VDB
DEBIAN-CVE-2025-54874
DEBIAN-CVE-2025-54874
PUBLISHED
CVSS 9.800000190734863 CRITICAL
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | openjpeg2 | 2.5.3-2.1, 2.5.3-2, 2.5.3-2.1~deb13u1 |
| Debian:13 | openjpeg2 | 0, 2.5.3-2, 2.5.3-2 |
Timeline
- Aug 5, 2025 CVE Published
- Apr 28, 2026 CVE Updated