5.6

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-56827

GHSA ID

GHSA-jq5v-29wx-7grq

EPSS Score

0.13672%

CWE

CWE-122

Published

1/9/2025

Updated

5/13/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-56827

CVE-2024-56827: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when...

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-56827

CVE-2024-56827:

5.6

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-56827

GHSA ID

GHSA-jq5v-29wx-7grq

EPSS Score

0.13672%

CWE

CWE-122

Published

1/9/2025

Updated

5/13/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided commit directly patches the function opj_j2k_add_tlmarker in src/lib/openjp2/j2k.c. The patch adds a bounds check (l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) before accessing an array element (cstr_index->tile_index[tileno].tp_index[l_current_tile_part]). The absence of this check in the vulnerable version allowed for a heap buffer overflow when l_current_tile_part was greater than or equal to the number of tile-parts (nb_tps), leading to an out-of-bounds write. The vulnerability description aligns with this, stating a heap buffer overflow in the OpenJPEG project related to the opj_decompress utility, and this function is part of the JPEG 2000 decoding process.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.6

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-56827: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when...

CVE-2024-56827:

5.6

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

5.6

5.6

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2024-56827: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when...

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI