๐Ÿ” CVE Alert

CVE-2025-54874

UNKNOWN 0.0

OpenJPEG allows OOB heap memory write in opj_jp2_read_header

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to an out-of-bounds (OOB) heap memory write when the data stream p_stream is too short and p_image is not initialized.

CWE: CWE-457
Vendor: uclouvain
Product: openjpeg
Published: Aug 5, 2025
Last Updated: Feb 26, 2026

Affected Versions

uclouvain / openjpeg
>= 2.5.1, <= 2.5.3

References

github.com: https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d
github.com: https://github.com/uclouvain/openjpeg/pull/1573
securitylab.github.com: https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV