CVE-2026-6192
Integer Overflow in OpenJPEG opj_pi_initialise_encode Function
Publication date: 2026-04-13
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| uclouvain | openjpeg | to 2.5.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-189 | |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6192 is an integer overflow vulnerability in the OpenJPEG library, specifically in the function opj_pi_initialise_encode() used during JPEG 2000 image encoding.
The vulnerability arises because the code multiplies several 32-bit unsigned integers representing encoding parameters without checking for overflow. This multiplication calculates the size of a memory buffer to allocate.
If the multiplication exceeds the maximum value for a 32-bit unsigned integer, the result wraps around (overflows), causing the program to allocate a smaller buffer than needed.
Subsequent writes to this buffer then exceed its allocated size, leading to a heap buffer overflow, which can cause memory corruption, crashes, or potentially arbitrary code execution.
The decode path in OpenJPEG includes proper overflow checks, but the encode path did not, making this function vulnerable when encoding images with large dimensions, many components, layers, and resolutions.
How can this vulnerability impact me? :
This vulnerability can lead to heap buffer overflow during JPEG 2000 image encoding, which may cause memory corruption or application crashes.
In production environments without runtime bounds checks, exploitation of this vulnerability could potentially allow an attacker to execute arbitrary code or destabilize the system.
However, the attack must be carried out locally, and the CVSS scores indicate a low to moderate severity (CVSS v3.1 Base Score 3.3), reflecting limited impact and complexity.
The exploit is publicly available, so systems using vulnerable versions of OpenJPEG up to 2.5.4 should apply the patch to mitigate this risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local integer overflow in the OpenJPEG library's encoding function, which leads to heap buffer overflow during JPEG 2000 image encoding. Detection involves monitoring for runtime errors related to out-of-bounds memory access during encoding operations.
Specifically, runtime bounds checks in the OpenJPEG encoding functions may log errors such as: "[ERROR] Invalid access to pi->include" indicating out-of-bounds access caused by the integer overflow.
Since the vulnerability is triggered locally during encoding, network detection is not applicable. Instead, detection should focus on system-level monitoring of applications using OpenJPEG for encoding JPEG 2000 images.
Suggested commands to detect the vulnerability or its exploitation attempts include:
- Run the vulnerable OpenJPEG encoding binary with debugging or verbose logging enabled to observe error messages related to memory access.
- Use system call tracing tools such as `strace` on Linux to monitor the encoding process for abnormal crashes or memory allocation failures.
- Monitor system logs (`dmesg`, `/var/log/syslog`) for segmentation faults or memory corruption errors related to the encoding process.
- If you have access to source code or debugging symbols, use debugging tools like `gdb` to trace the execution of `opj_pi_initialise_encode()` and check for abnormal behavior.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to apply the official patch that addresses the integer overflow in the `opj_pi_initialise_encode()` function.
This patch introduces a conditional check before performing the multiplication that calculates the memory allocation size, preventing integer overflow and subsequent heap buffer overflow.
Specifically, the fix verifies that the multiplication operands do not exceed the unsigned integer limit before allocating memory, and safely handles allocation failures.
Immediate actions include:
- Update OpenJPEG to a version that includes the patch identified by commit `839936aa33eb8899bbbd80fda02796bb65068951` or later.
- If updating is not immediately possible, avoid encoding JPEG 2000 images with large dimensions, many components, layers, or resolutions that could trigger the overflow.
- Monitor encoding processes for abnormal crashes or errors and restrict local access to systems running vulnerable OpenJPEG versions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.