CVE-2025-54874

Summary

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.

Affected Software

VendorProductVersion RangeStatus
uclouvainopenjpeg>= 2.5.1, <= 2.5.3affected

Weaknesses

  • CWE-457: CWE-457: Use of Uninitialized Variable

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References