CVE-2026-6192
uclouvain openjpeg pi.c opj_pi_initialise_encode integer overflow
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
2th
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.
| CWE | CWE-190 CWE-189 |
| Vendor | uclouvain |
| Product | openjpeg |
| Published | Apr 13, 2026 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for uclouvain openjpeg
Be the first to know when new low vulnerabilities affecting uclouvain openjpeg are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
uclouvain / openjpeg
2.5.0 2.5.1 2.5.2 2.5.3 2.5.4
References
vuldb.com: https://vuldb.com/vuln/357114 vuldb.com: https://vuldb.com/vuln/357114/cti vuldb.com: https://vuldb.com/submit/797385 github.com: https://github.com/uclouvain/openjpeg/issues/1619 github.com: https://github.com/uclouvain/openjpeg/pull/1628 github.com: https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb65068951 github.com: https://github.com/uclouvain/openjpeg/
Credits
๐ Kery Qi (VulDB User)