PT-2025-31936 · Openjpeg+3

Sebras · Published 2025-08-05 · Updated 2025-09-30 · CVE-2025-54874

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenJPEG versions 2.5.3 and earlier

Description

OpenJPEG is an open-source JPEG 2000 codec. A call to the opj_jp2_read_header function may lead to an out-of-bounds heap memory write when the data stream p_stream is too short and p_image is not initialized.

Recommendations

Update OpenJPEG to a version later than 2.5.3.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

ALSA-2025:13944
ALT-PU-2025-12044
AZL-66090
AZL-66114
BDU:2025-13203
CVE-2025-54874
OPENSUSE-SU-2025:15421-1
OPENSUSE-SU-2026:20842-1
RHSA-2025:13944
USN-7757-1

Affected Products

Alt Linux
Linuxmint
Openjpeg
Ubuntu