Openjpeg CVE-2026-6192

| EUVD-2026-22030 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-04-13 VulDB GHSA-6jfp-5ggc-pgmx
Buffer Overflow Integer Overflow Openjpeg Redhat Suse
4.8
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Apr 15, 2026 - 12:48 vuln.today
Severity Changed
Apr 13, 2026 - 17:22 NVD
LOW MEDIUM
CVSS changed
Apr 13, 2026 - 17:22 NVD
3.3 (LOW) 4.8 (MEDIUM)

DescriptionNVD

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.

AnalysisAI

Integer overflow in OpenJPEG's opj_pi_initialise_encode function (versions 2.5.0-2.5.4) allows authenticated local attackers to trigger availability impact via crafted input to the pi.c library module. The vulnerability has a publicly available proof-of-concept and carries an EPSS score of 0.01% (2nd percentile), reflecting minimal real-world exploitation likelihood despite the presence of exploit code. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Vendor StatusVendor

Share

CVE-2026-6192 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy