CVE-2025-54874

Medium CVSS 6.6

Overview

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.

CWE: CWE-457 Published: 2025-08-05T15:15:32.000

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.6 (MEDIUM)
Detected tags: oob (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags