CVE-2026-6192
3.3 LOW
A vulnerability was identified in uclouvain openjpeg up to 2.5.4
Published: 2026-04-13 · Last updated: 2026-05-21
Severity and scoring
- CVSS: 3.3 LOW
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
- CWE: CWE-189, CWE-190
Description
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. It affects the function opj_pi_initialise_encode in src/lib/openjp2/pi.c, where manipulation leads to an integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The patch is identified by commit 839936aa33eb8899bbbd80fda02796bb65068951. Installing the patch is recommended to address this issue.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-6192
- [Other] https://github.com/uclouvain/openjpeg/
- [Other] https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb65068951
- [Other] https://github.com/uclouvain/openjpeg/issues/1619
- [Other] https://github.com/uclouvain/openjpeg/pull/1628
- [Other] https://vuldb.com/submit/797385
- [Other] https://vuldb.com/vuln/357114
- [Other] https://vuldb.com/vuln/357114/cti
- [Other] https://lists.debian.org/debian-lts-announce/2026/05/msg00038.html
Related CVEs
Same CWE
- CVE-2025-66280 — An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-34711 — CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability (7.5 HIGH)
- CVE-2026-47925 — Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could... (5.5 MEDIUM)
- CVE-2023-29146 — The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed dat... (8.2 HIGH)
- CVE-2026-47291 — Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network (9.8 CRITICAL)