CVE-2026-6192
Deferred Deferred - Pending Action
Integer Overflow in OpenJPEG opj_pi_initialise_encode Function

Publication date: 2026-04-13

Last updated on: 2026-05-21

Assigner: VulDB

Description
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-05-21
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6192
EUVD
EUVD-2026-22030
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
uclouvain openjpeg to 2.5.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-189
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6192 is an integer overflow vulnerability in the OpenJPEG library, specifically in the function opj_pi_initialise_encode() used during JPEG 2000 image encoding.

The vulnerability arises because the code multiplies several 32-bit unsigned integers representing encoding parameters without checking for overflow. This multiplication calculates the size of a memory buffer to allocate.

If the multiplication exceeds the maximum value for a 32-bit unsigned integer, the result wraps around (overflows), causing the program to allocate a smaller buffer than needed.

Subsequent writes to this buffer then exceed its allocated size, leading to a heap buffer overflow, which can cause memory corruption, crashes, or potentially arbitrary code execution.

The decode path in OpenJPEG includes proper overflow checks, but the encode path did not, making this function vulnerable when encoding images with large dimensions, many components, layers, and resolutions.

Impact Analysis

This vulnerability can lead to heap buffer overflow during JPEG 2000 image encoding, which may cause memory corruption or application crashes.

In production environments without runtime bounds checks, exploitation of this vulnerability could potentially allow an attacker to execute arbitrary code or destabilize the system.

However, the attack must be carried out locally, and the CVSS scores indicate a low to moderate severity (CVSS v3.1 Base Score 3.3), reflecting limited impact and complexity.

The exploit is publicly available, so systems using vulnerable versions of OpenJPEG up to 2.5.4 should apply the patch to mitigate this risk.

Detection Guidance

This vulnerability is a local integer overflow in the OpenJPEG library's encoding function, which leads to heap buffer overflow during JPEG 2000 image encoding. Detection involves monitoring for runtime errors related to out-of-bounds memory access during encoding operations.

Specifically, runtime bounds checks in the OpenJPEG encoding functions may log errors such as: "[ERROR] Invalid access to pi->include" indicating out-of-bounds access caused by the integer overflow.

Since the vulnerability is triggered locally during encoding, network detection is not applicable. Instead, detection should focus on system-level monitoring of applications using OpenJPEG for encoding JPEG 2000 images.

Suggested commands to detect the vulnerability or its exploitation attempts include:

  • Run the vulnerable OpenJPEG encoding binary with debugging or verbose logging enabled to observe error messages related to memory access.
  • Use system call tracing tools such as `strace` on Linux to monitor the encoding process for abnormal crashes or memory allocation failures.
  • Monitor system logs (`dmesg`, `/var/log/syslog`) for segmentation faults or memory corruption errors related to the encoding process.
  • If you have access to source code or debugging symbols, use debugging tools like `gdb` to trace the execution of `opj_pi_initialise_encode()` and check for abnormal behavior.
Mitigation Strategies

The primary mitigation step is to apply the official patch that addresses the integer overflow in the `opj_pi_initialise_encode()` function.

This patch introduces a conditional check before performing the multiplication that calculates the memory allocation size, preventing integer overflow and subsequent heap buffer overflow.

Specifically, the fix verifies that the multiplication operands do not exceed the unsigned integer limit before allocating memory, and safely handles allocation failures.

Immediate actions include:

  • Update OpenJPEG to a version that includes the patch identified by commit `839936aa33eb8899bbbd80fda02796bb65068951` or later.
  • If updating is not immediately possible, avoid encoding JPEG 2000 images with large dimensions, many components, layers, or resolutions that could trigger the overflow.
  • Monitor encoding processes for abnormal crashes or errors and restrict local access to systems running vulnerable OpenJPEG versions.
Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6192. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart