CVE-2025-54874

Published: Aug 5, 2025

Modified: Feb 26, 2026

PUBLISHED

Description

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.

Vendor	Product	Versions
uclouvain	openjpeg	affected `>= 2.5.1, <= 2.5.3`

Weaknesses (CWE)

CWE-457

References

https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d

x_refsource_CONFIRM

https://github.com/uclouvain/openjpeg/pull/1573

x_refsource_MISC

https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-54874

Description

Affected Products

Weaknesses (CWE)

References