Vulnerability-Lookup

CVE-2024-56826 (GCVE-0-2024-56826)

Vulnerability from cvelistv5 – Published: 2025-01-09 03:40 – Updated: 2025-11-06 22:33

Title

Openjpeg: heap buffer overflow in bin/common/color.c

Summary

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

Severity

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

redhat

References

6 references

URL	Tags
https://access.redhat.com/errata/RHSA-2025:7309	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-56826	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2335172	issue-trackingx_refsource_REDHAT
https://github.com/uclouvain/openjpeg/commit/e492…
https://github.com/uclouvain/openjpeg/issues/1563
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

6 products

Vendor	Product	Version
		Unaffected: 2.5.3 , < * (semver)
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.4.0-8.el9 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8

Date Public

2024-12-24 00:00

Credits

Red Hat would like to thank Frank Zeng (Huazhong University of Science and Technology) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T15:40:54.664195Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T15:41:17.638Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:32:32.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/uclouvain/openjpeg",
          "defaultStatus": "unknown",
          "packageName": "openjpeg",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.5.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "openjpeg2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-8.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openjpeg2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "openjpeg",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "openjpeg",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "openjpeg2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unknown",
          "packageName": "gimp:flatpak/openjpeg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unknown",
          "packageName": "openjpeg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Frank Zeng (Huazhong University of Science and Technology) for reporting this issue."
        }
      ],
      "datePublic": "2024-12-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T22:33:36.021Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:7309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7309"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-56826"
        },
        {
          "name": "RHBZ#2335172",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335172"
        },
        {
          "url": "https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8"
        },
        {
          "url": "https://github.com/uclouvain/openjpeg/issues/1563"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-01-01T16:37:12.963Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-12-24T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Openjpeg: heap buffer overflow in bin/common/color.c",
      "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-56826",
    "datePublished": "2025-01-09T03:40:24.613Z",
    "dateReserved": "2025-01-01T17:07:45.899Z",
    "dateUpdated": "2025-11-06T22:33:36.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-56826",
      "date": "2026-06-10",
      "epss": "0.00044",
      "percentile": "0.13953"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una falla en OpenJPEG project. Se puede generar una condici\\u00f3n de desbordamiento del b\\u00fafer de pila cuando se especifican ciertas opciones al usar la utilidad opj_decompress. Esto puede provocar un bloqueo de la aplicaci\\u00f3n u otro comportamiento indefinido.\"}]",
      "id": "CVE-2024-56826",
      "lastModified": "2025-01-09T04:15:12.660",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H\", \"baseScore\": 5.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 4.2}]}",
      "published": "2025-01-09T04:15:12.660",
      "references": "[{\"url\": \"https://access.redhat.com/security/cve/CVE-2024-56826\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2335172\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://github.com/uclouvain/openjpeg/issues/1563\", \"source\": \"secalert@redhat.com\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-122\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56826\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-01-09T04:15:12.660\",\"lastModified\":\"2025-11-03T20:16:54.410\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en OpenJPEG project. Se puede generar una condici\u00f3n de desbordamiento del b\u00fafer de pila cuando se especifican ciertas opciones al usar la utilidad opj_decompress. Esto puede provocar un bloqueo de la aplicaci\u00f3n u otro comportamiento indefinido.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:7309\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-56826\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2335172\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/uclouvain/openjpeg/issues/1563\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:32:32.703Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-56826\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-09T15:40:54.664195Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-09T15:41:07.407Z\"}}], \"cna\": {\"title\": \"Openjpeg: heap buffer overflow in bin/common/color.c\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Frank Zeng (Huazhong University of Science and Technology) for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"versions\": [{\"status\": \"unaffected\", \"version\": \"2.5.3\", \"lessThan\": \"*\", \"versionType\": \"semver\"}], \"packageName\": \"openjpeg\", \"collectionURL\": \"https://github.com/uclouvain/openjpeg\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/a:redhat:enterprise_linux:9::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.4.0-8.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openjpeg2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"openjpeg2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"openjpeg\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"openjpeg\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"openjpeg2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"gimp:flatpak/openjpeg2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"openjpeg2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-01-01T16:37:12.963Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-12-24T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-12-24T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:7309\", \"name\": \"RHSA-2025:7309\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-56826\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2335172\", \"name\": \"RHBZ#2335172\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8\"}, {\"url\": \"https://github.com/uclouvain/openjpeg/issues/1563\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-06T22:33:36.021Z\"}, \"x_redhatCweChain\": \"CWE-122: Heap-based Buffer Overflow\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-56826\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-06T22:33:36.021Z\", \"dateReserved\": \"2025-01-01T17:07:45.899Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-01-09T03:40:24.613Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

SUSE-SU-2025:0040-1

Vulnerability from csaf_suse - Published: 2025-01-09 10:33 - Updated: 2025-01-09 10:33

Summary

Security update for openjpeg2

Severity

Moderate

Notes

Title of the patch: Security update for openjpeg2

Description of the patch: This update for openjpeg2 fixes the following issues: - CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c (bsc#1235029)

Patchnames: SUSE-2025-40,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-40

CVE-2024-56826

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenjp2-7-2.1.0-4.21.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1235029	self
https://www.suse.com/security/cve/CVE-2024-56826/	self
https://www.suse.com/security/cve/CVE-2024-56826	external
https://bugzilla.suse.com/1235029	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openjpeg2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openjpeg2 fixes the following issues:\n\n- CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c (bsc#1235029)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-40,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-40",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0040-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:0040-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250040-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:0040-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020072.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235029",
        "url": "https://bugzilla.suse.com/1235029"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56826 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56826/"
      }
    ],
    "title": "Security update for openjpeg2",
    "tracking": {
      "current_release_date": "2025-01-09T10:33:32Z",
      "generator": {
        "date": "2025-01-09T10:33:32Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:0040-1",
      "initial_release_date": "2025-01-09T10:33:32Z",
      "revision_history": [
        {
          "date": "2025-01-09T10:33:32Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-4.21.1.aarch64",
                "product": {
                  "name": "libopenjp2-7-2.1.0-4.21.1.aarch64",
                  "product_id": "libopenjp2-7-2.1.0-4.21.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-4.21.1.aarch64",
                "product": {
                  "name": "openjpeg2-2.1.0-4.21.1.aarch64",
                  "product_id": "openjpeg2-2.1.0-4.21.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-4.21.1.aarch64",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-4.21.1.aarch64",
                  "product_id": "openjpeg2-devel-2.1.0-4.21.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-64bit-2.1.0-4.21.1.aarch64_ilp32",
                "product": {
                  "name": "libopenjp2-7-64bit-2.1.0-4.21.1.aarch64_ilp32",
                  "product_id": "libopenjp2-7-64bit-2.1.0-4.21.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-4.21.1.i586",
                "product": {
                  "name": "libopenjp2-7-2.1.0-4.21.1.i586",
                  "product_id": "libopenjp2-7-2.1.0-4.21.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-4.21.1.i586",
                "product": {
                  "name": "openjpeg2-2.1.0-4.21.1.i586",
                  "product_id": "openjpeg2-2.1.0-4.21.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-4.21.1.i586",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-4.21.1.i586",
                  "product_id": "openjpeg2-devel-2.1.0-4.21.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-4.21.1.ppc64le",
                "product": {
                  "name": "libopenjp2-7-2.1.0-4.21.1.ppc64le",
                  "product_id": "libopenjp2-7-2.1.0-4.21.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-4.21.1.ppc64le",
                "product": {
                  "name": "openjpeg2-2.1.0-4.21.1.ppc64le",
                  "product_id": "openjpeg2-2.1.0-4.21.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-4.21.1.ppc64le",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-4.21.1.ppc64le",
                  "product_id": "openjpeg2-devel-2.1.0-4.21.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-4.21.1.s390",
                "product": {
                  "name": "libopenjp2-7-2.1.0-4.21.1.s390",
                  "product_id": "libopenjp2-7-2.1.0-4.21.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-4.21.1.s390",
                "product": {
                  "name": "openjpeg2-2.1.0-4.21.1.s390",
                  "product_id": "openjpeg2-2.1.0-4.21.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-4.21.1.s390",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-4.21.1.s390",
                  "product_id": "openjpeg2-devel-2.1.0-4.21.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-4.21.1.s390x",
                "product": {
                  "name": "libopenjp2-7-2.1.0-4.21.1.s390x",
                  "product_id": "libopenjp2-7-2.1.0-4.21.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenjp2-7-32bit-2.1.0-4.21.1.s390x",
                "product": {
                  "name": "libopenjp2-7-32bit-2.1.0-4.21.1.s390x",
                  "product_id": "libopenjp2-7-32bit-2.1.0-4.21.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-4.21.1.s390x",
                "product": {
                  "name": "openjpeg2-2.1.0-4.21.1.s390x",
                  "product_id": "openjpeg2-2.1.0-4.21.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-4.21.1.s390x",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-4.21.1.s390x",
                  "product_id": "openjpeg2-devel-2.1.0-4.21.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-4.21.1.x86_64",
                "product": {
                  "name": "libopenjp2-7-2.1.0-4.21.1.x86_64",
                  "product_id": "libopenjp2-7-2.1.0-4.21.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenjp2-7-32bit-2.1.0-4.21.1.x86_64",
                "product": {
                  "name": "libopenjp2-7-32bit-2.1.0-4.21.1.x86_64",
                  "product_id": "libopenjp2-7-32bit-2.1.0-4.21.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-4.21.1.x86_64",
                "product": {
                  "name": "openjpeg2-2.1.0-4.21.1.x86_64",
                  "product_id": "openjpeg2-2.1.0-4.21.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-4.21.1.x86_64",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-4.21.1.x86_64",
                  "product_id": "openjpeg2-devel-2.1.0-4.21.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.21.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenjp2-7-2.1.0-4.21.1.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.21.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-56826",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56826"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenjp2-7-2.1.0-4.21.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56826",
          "url": "https://www.suse.com/security/cve/CVE-2024-56826"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235029 for CVE-2024-56826",
          "url": "https://bugzilla.suse.com/1235029"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenjp2-7-2.1.0-4.21.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenjp2-7-2.1.0-4.21.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-09T10:33:32Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56826"
    }
  ]
}

SUSE-SU-2025:0044-1

Vulnerability from csaf_suse - Published: 2025-01-09 15:04 - Updated: 2025-01-09 15:04

Summary

Security update for openjpeg2

Severity

Moderate

Notes

Title of the patch: Security update for openjpeg2

Description of the patch: This update for openjpeg2 fixes the following issues: - CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c (bsc#1235029)

Patchnames: SUSE-2025-44,SUSE-SLE-Module-Basesystem-15-SP6-2025-44,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-44,openSUSE-SLE-15.6-2025-44

CVE-2024-56826

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1235029	self
https://www.suse.com/security/cve/CVE-2024-56826/	self
https://www.suse.com/security/cve/CVE-2024-56826	external
https://bugzilla.suse.com/1235029	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openjpeg2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openjpeg2 fixes the following issues:\n\n- CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c (bsc#1235029)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-44,SUSE-SLE-Module-Basesystem-15-SP6-2025-44,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-44,openSUSE-SLE-15.6-2025-44",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0044-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:0044-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250044-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:0044-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020076.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235029",
        "url": "https://bugzilla.suse.com/1235029"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56826 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56826/"
      }
    ],
    "title": "Security update for openjpeg2",
    "tracking": {
      "current_release_date": "2025-01-09T15:04:57Z",
      "generator": {
        "date": "2025-01-09T15:04:57Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:0044-1",
      "initial_release_date": "2025-01-09T15:04:57Z",
      "revision_history": [
        {
          "date": "2025-01-09T15:04:57Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.3.0-150000.3.18.1.aarch64",
                "product": {
                  "name": "libopenjp2-7-2.3.0-150000.3.18.1.aarch64",
                  "product_id": "libopenjp2-7-2.3.0-150000.3.18.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.3.0-150000.3.18.1.aarch64",
                "product": {
                  "name": "openjpeg2-2.3.0-150000.3.18.1.aarch64",
                  "product_id": "openjpeg2-2.3.0-150000.3.18.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.3.0-150000.3.18.1.aarch64",
                "product": {
                  "name": "openjpeg2-devel-2.3.0-150000.3.18.1.aarch64",
                  "product_id": "openjpeg2-devel-2.3.0-150000.3.18.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-64bit-2.3.0-150000.3.18.1.aarch64_ilp32",
                "product": {
                  "name": "libopenjp2-7-64bit-2.3.0-150000.3.18.1.aarch64_ilp32",
                  "product_id": "libopenjp2-7-64bit-2.3.0-150000.3.18.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.3.0-150000.3.18.1.i586",
                "product": {
                  "name": "libopenjp2-7-2.3.0-150000.3.18.1.i586",
                  "product_id": "libopenjp2-7-2.3.0-150000.3.18.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.3.0-150000.3.18.1.i586",
                "product": {
                  "name": "openjpeg2-2.3.0-150000.3.18.1.i586",
                  "product_id": "openjpeg2-2.3.0-150000.3.18.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.3.0-150000.3.18.1.i586",
                "product": {
                  "name": "openjpeg2-devel-2.3.0-150000.3.18.1.i586",
                  "product_id": "openjpeg2-devel-2.3.0-150000.3.18.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.3.0-150000.3.18.1.ppc64le",
                "product": {
                  "name": "libopenjp2-7-2.3.0-150000.3.18.1.ppc64le",
                  "product_id": "libopenjp2-7-2.3.0-150000.3.18.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.3.0-150000.3.18.1.ppc64le",
                "product": {
                  "name": "openjpeg2-2.3.0-150000.3.18.1.ppc64le",
                  "product_id": "openjpeg2-2.3.0-150000.3.18.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le",
                "product": {
                  "name": "openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le",
                  "product_id": "openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.3.0-150000.3.18.1.s390x",
                "product": {
                  "name": "libopenjp2-7-2.3.0-150000.3.18.1.s390x",
                  "product_id": "libopenjp2-7-2.3.0-150000.3.18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.3.0-150000.3.18.1.s390x",
                "product": {
                  "name": "openjpeg2-2.3.0-150000.3.18.1.s390x",
                  "product_id": "openjpeg2-2.3.0-150000.3.18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.3.0-150000.3.18.1.s390x",
                "product": {
                  "name": "openjpeg2-devel-2.3.0-150000.3.18.1.s390x",
                  "product_id": "openjpeg2-devel-2.3.0-150000.3.18.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.3.0-150000.3.18.1.x86_64",
                "product": {
                  "name": "libopenjp2-7-2.3.0-150000.3.18.1.x86_64",
                  "product_id": "libopenjp2-7-2.3.0-150000.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64",
                "product": {
                  "name": "libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64",
                  "product_id": "libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.3.0-150000.3.18.1.x86_64",
                "product": {
                  "name": "openjpeg2-2.3.0-150000.3.18.1.x86_64",
                  "product_id": "openjpeg2-2.3.0-150000.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.3.0-150000.3.18.1.x86_64",
                "product": {
                  "name": "openjpeg2-devel-2.3.0-150000.3.18.1.x86_64",
                  "product_id": "openjpeg2-devel-2.3.0-150000.3.18.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
                  "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.6",
                "product": {
                  "name": "openSUSE Leap 15.6",
                  "product_id": "openSUSE Leap 15.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.3.0-150000.3.18.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.aarch64"
        },
        "product_reference": "libopenjp2-7-2.3.0-150000.3.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.3.0-150000.3.18.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.3.0-150000.3.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.3.0-150000.3.18.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.s390x"
        },
        "product_reference": "libopenjp2-7-2.3.0-150000.3.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.3.0-150000.3.18.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.x86_64"
        },
        "product_reference": "libopenjp2-7-2.3.0-150000.3.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.3.0-150000.3.18.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.aarch64"
        },
        "product_reference": "openjpeg2-2.3.0-150000.3.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.3.0-150000.3.18.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.ppc64le"
        },
        "product_reference": "openjpeg2-2.3.0-150000.3.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.3.0-150000.3.18.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.s390x"
        },
        "product_reference": "openjpeg2-2.3.0-150000.3.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.3.0-150000.3.18.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.x86_64"
        },
        "product_reference": "openjpeg2-2.3.0-150000.3.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.3.0-150000.3.18.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.aarch64"
        },
        "product_reference": "openjpeg2-devel-2.3.0-150000.3.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le"
        },
        "product_reference": "openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.3.0-150000.3.18.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.s390x"
        },
        "product_reference": "openjpeg2-devel-2.3.0-150000.3.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.3.0-150000.3.18.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.x86_64"
        },
        "product_reference": "openjpeg2-devel-2.3.0-150000.3.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64"
        },
        "product_reference": "libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.3.0-150000.3.18.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.aarch64"
        },
        "product_reference": "libopenjp2-7-2.3.0-150000.3.18.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.3.0-150000.3.18.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.3.0-150000.3.18.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.3.0-150000.3.18.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.s390x"
        },
        "product_reference": "libopenjp2-7-2.3.0-150000.3.18.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.3.0-150000.3.18.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.x86_64"
        },
        "product_reference": "libopenjp2-7-2.3.0-150000.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64"
        },
        "product_reference": "libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.3.0-150000.3.18.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.aarch64"
        },
        "product_reference": "openjpeg2-2.3.0-150000.3.18.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.3.0-150000.3.18.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.ppc64le"
        },
        "product_reference": "openjpeg2-2.3.0-150000.3.18.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.3.0-150000.3.18.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.s390x"
        },
        "product_reference": "openjpeg2-2.3.0-150000.3.18.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.3.0-150000.3.18.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.x86_64"
        },
        "product_reference": "openjpeg2-2.3.0-150000.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.3.0-150000.3.18.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.aarch64"
        },
        "product_reference": "openjpeg2-devel-2.3.0-150000.3.18.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le"
        },
        "product_reference": "openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.3.0-150000.3.18.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.s390x"
        },
        "product_reference": "openjpeg2-devel-2.3.0-150000.3.18.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.3.0-150000.3.18.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.x86_64"
        },
        "product_reference": "openjpeg2-devel-2.3.0-150000.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-56826",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56826"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Package Hub 15 SP6:libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64",
          "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.aarch64",
          "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.ppc64le",
          "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.s390x",
          "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.x86_64",
          "openSUSE Leap 15.6:libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64",
          "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.aarch64",
          "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.ppc64le",
          "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.s390x",
          "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.x86_64",
          "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.aarch64",
          "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le",
          "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.s390x",
          "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56826",
          "url": "https://www.suse.com/security/cve/CVE-2024-56826"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235029 for CVE-2024-56826",
          "url": "https://bugzilla.suse.com/1235029"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Package Hub 15 SP6:libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64",
            "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.aarch64",
            "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.ppc64le",
            "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.s390x",
            "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.x86_64",
            "openSUSE Leap 15.6:libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64",
            "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.aarch64",
            "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.ppc64le",
            "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.s390x",
            "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.x86_64",
            "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.aarch64",
            "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le",
            "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.s390x",
            "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Package Hub 15 SP6:libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64",
            "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.aarch64",
            "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.ppc64le",
            "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.s390x",
            "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.18.1.x86_64",
            "openSUSE Leap 15.6:libopenjp2-7-32bit-2.3.0-150000.3.18.1.x86_64",
            "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.aarch64",
            "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.ppc64le",
            "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.s390x",
            "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.18.1.x86_64",
            "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.aarch64",
            "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.ppc64le",
            "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.s390x",
            "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-09T15:04:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56826"
    }
  ]
}

WID-SEC-W-2025-0002

Vulnerability from csaf_certbund - Published: 2025-01-01 23:00 - Updated: 2025-05-12 22:00

Summary

OpenJPEG: Mehrere Schwachstellen ermöglichen Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die OpenJPEG Bibliothek ist ein in C geschriebener Open Source JPEG 2000 Codec.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in OpenJPEG ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Windows

CVE-2024-56826

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source OpenJPEG <2.5.3 Open Source / OpenJPEG		<2.5.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM App Connect Enterprise Certified Container IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:certified_container`	Certified Container

CVE-2024-56827

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source OpenJPEG <2.5.3 Open Source / OpenJPEG		<2.5.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM App Connect Enterprise Certified Container IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:certified_container`	Certified Container

References

17 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://bugzilla.redhat.com/show_bug.cgi?id=2335172	external
https://bugzilla.redhat.com/show_bug.cgi?id=2335174	external
https://github.com/uclouvain/openjpeg/issues/1563	external
https://github.com/uclouvain/openjpeg/issues/1564	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://ubuntu.com/security/notices/USN-7223-1	external
https://lists.debian.org/debian-security-announce…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.debian.org/debian-security-announce…	external
https://www.ibm.com/support/pages/node/7182192	external
https://alas.aws.amazon.com/AL2/ALAS-2025-2773.html	external
https://lists.debian.org/debian-lts-announce/2025…	external
https://access.redhat.com/errata/RHSA-2025:7309	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die OpenJPEG Bibliothek ist ein in C geschriebener Open Source JPEG 2000 Codec.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in OpenJPEG ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0002 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0002.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0002 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0002"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugtracker #2335172 vom 2025-01-01",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335172"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugtracker #2335174 vom 2025-01-01",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335174"
      },
      {
        "category": "external",
        "summary": "Proof of Concept (PoC)",
        "url": "https://github.com/uclouvain/openjpeg/issues/1563"
      },
      {
        "category": "external",
        "summary": "Proof of Concept (PoC)",
        "url": "https://github.com/uclouvain/openjpeg/issues/1564"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14620-1 vom 2025-01-08",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XKBM37J7PMJ763EKO4IP3FLOLF4U26HW/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0040-1 vom 2025-01-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020072.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0044-1 vom 2025-01-09",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/TH3ZOP6DDN2XBG27V7JY542UMGLOLAUT/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7223-1 vom 2025-01-23",
        "url": "https://ubuntu.com/security/notices/USN-7223-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5851 vom 2025-01-27",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00013.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5852 vom 2025-01-28",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00014.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5853 vom 2025-01-30",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00015.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7182192 vom 2025-01-31",
        "url": "https://www.ibm.com/support/pages/node/7182192"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2025-2773 vom 2025-03-07",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2773.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4107 vom 2025-04-02",
        "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:7309 vom 2025-05-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:7309"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenJPEG: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2025-05-12T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-13T11:00:59.423+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0002",
      "initial_release_date": "2025-01-01T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-01T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-01-08T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-01-09T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-23T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-01-27T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-01-28T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-01-29T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-01-30T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-03-09T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-04-01T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-05-12T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "11"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Certified Container",
                "product": {
                  "name": "IBM App Connect Enterprise Certified Container",
                  "product_id": "T037907",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "App Connect Enterprise"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.5.3",
                "product": {
                  "name": "Open Source OpenJPEG \u003c2.5.3",
                  "product_id": "T039986"
                }
              },
              {
                "category": "product_version",
                "name": "2.5.3",
                "product": {
                  "name": "Open Source OpenJPEG 2.5.3",
                  "product_id": "T039986-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openjpeg:openjpeg:2.5.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenJPEG"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-56826",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "T039986",
          "398363",
          "T037907"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-56826"
    },
    {
      "cve": "CVE-2024-56827",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "T039986",
          "398363",
          "T037907"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-56827"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-56826 (GCVE-0-2024-56826)

SUSE-SU-2025:0040-1

SUSE-SU-2025:0044-1

WID-SEC-W-2025-0002

Tags

Sightings

Nomenclature