{"id":"JLSEC-2026-552","details":"OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.","modified":"2026-05-26T19:45:03.118203329Z","published":"2026-05-26T19:31:24.313Z","upstream":["CVE-2025-54874","EUVD-2025-23631"],"database_specific":{"license":"CC-BY-4.0","sources":[{"modified":"2025-09-26T22:15:33.920Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-54874","id":"CVE-2025-54874","database_specific":{"status":"Modified"},"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54874","imported":"2026-05-25T01:08:38.684Z","published":"2025-08-05T15:15:32Z"},{"id":"EUVD-2025-23631","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-23631","published":"2025-08-05T14:33:17Z","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-23631","modified":"2026-02-26T17:49:57Z","imported":"2026-05-25T01:08:40.996Z"}]},"references":[{"type":"WEB","url":"https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d"},{"type":"WEB","url":"https://github.com/uclouvain/openjpeg/pull/1573"},{"type":"WEB","url":"https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV"}],"affected":[{"package":{"name":"OpenJpeg_jll","ecosystem":"Julia","purl":"pkg:julia/OpenJpeg_jll?uuid=643b3616-a352-519d-856d-80112ee9badc"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.5.5+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-552.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}]}