REDHAT-BUG-2386543: High severity OpenJPEG vulnerability
Published Aug 5, 2025
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to an out-of-bounds (OOB) heap memory write when the data stream p_stream is too short and p_image is not initialized.
Affected Software
1 affected component
OpenJPEG OpenJPEG < 2.5.3
Event History
Aug 5, 2025
Data sourced via Red Hat, 03:01 PM
Frequently Asked Questions
1. What is the severity of REDHAT-BUG-2386543?
The severity of REDHAT-BUG-2386543 is classified as high due to the potential for out-of-bounds heap memory writes.
2. How do I fix REDHAT-BUG-2386543?
To fix REDHAT-BUG-2386543, you should update OpenJPEG to version 2.5.4 or later.
3. Which versions of OpenJPEG are affected by REDHAT-BUG-2386543?
OpenJPEG versions 2.5.3 and earlier are affected by REDHAT-BUG-2386543.
4. What could happen if REDHAT-BUG-2386543 is exploited?
If REDHAT-BUG-2386543 is exploited, it may lead to arbitrary memory corruption, potentially allowing an attacker to execute arbitrary code.
5. Is there a workaround for REDHAT-BUG-2386543?
Currently, there is no official workaround for REDHAT-BUG-2386543 apart from upgrading to a patched version.