OSV-2025-219

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openjpeg/OSV-2025-219.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-219
Published
2025-03-18T00:18:30.566980Z
Modified
2026-02-11T14:21:44.325194Z
Summary
Heap-buffer-overflow in opj_j2k_read_tile_header
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=403673832

Crash type: Heap-buffer-overflow WRITE 8
Crash state:
opj_j2k_read_tile_header
opj_j2k_decode_tiles
opj_j2k_decode
References

Affected packages

OSS-Fuzz / openjpeg

Package

Name
openjpeg
Purl
pkg:generic/openjpeg

Affected ranges

Type
GIT
Repo
https://github.com/uclouvain/openjpeg
Events

Affected versions

v2.*
v2.5.3
v2.5.4

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

source
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openjpeg/OSV-2025-219.yaml"
introduced_range
"5005a350a78d1918e98e970457a8316a23c50e19:d153c61e6fad0e1365125433e2db48661ec41ab5"
fixed_range
"8ac526236416b9c28f73d4684cf9e8a66f1d134e:d33cbecc148d3affcdf403211fddc2cc5d442379"