CVE-2026-6192

Source
https://cve.org/CVERecord?id=CVE-2026-6192
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6192.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-6192
Downstream
Published
2026-04-13T16:45:11.772Z
Modified
2026-07-15T01:49:15.169840351Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
uclouvain openjpeg pi.c opj_pi_initialise_encode integer overflow
Details

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.

Database specific
{
    "cwe_ids": [
        "CWE-189",
        "CWE-190"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6192.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/uclouvain/openjpeg

Affected ranges

Type
GIT
Repo
https://github.com/uclouvain/openjpeg
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.5.0"
        },
        {
            "last_affected": "2.5.0"
        },
        {
            "introduced": "2.5.1"
        },
        {
            "last_affected": "2.5.1"
        },
        {
            "introduced": "2.5.2"
        },
        {
            "last_affected": "2.5.2"
        },
        {
            "introduced": "2.5.3"
        },
        {
            "last_affected": "2.5.3"
        },
        {
            "introduced": "2.5.4"
        },
        {
            "last_affected": "2.5.4"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
v2.*
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6192.json"