« List of all CVEs

CVE-2021-3575

Published: 3/4/2022 Last updated: 11/3/2025 Reserved: 6/2/2021

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

grib

Products affected (2)

Product Vendor Version
OpenJPEG n/a 9.16.4.42
OpenJPEG n/a <= 5.15.*

References (22)