JLSEC-2026-552 CVSS_V4

JLSEC-2026-552

JLSEC Published: May 26, 2026
Modified: May 26, 2026
Severity: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected Packages: OpenJpeg_jll < 2.5.5+0
Aliases / Upstream: CVE-2025-54874 EUVD-2025-23631

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opjjp2readheader may lead to OOB heap memory write when the data stream pstream is too short and p_image is not initialized.

References

https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d
https://github.com/uclouvain/openjpeg/pull/1573
https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV