4.8
OpenJPEG Library 2.5.4 Integer Overflow Allows Local Code Execution
CVE-2026-6192
ECHO-a92e-9791-007a
Summary
An integer overflow in the OpenJPEG library, which is used in certain image processing software, can be exploited by a local attacker to execute malicious code. The flaw is in the function opj_pi_initialise_encode in src/lib/openjp2/pi.c and affects versions up to 2.5.4. It could lead to unauthorized access to sensitive data or system compromise. To fix this issue, update the OpenJPEG library to a patched version or apply the available patch.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Echo | – | openjpeg2 | All versions |
Original title
ECHO-a92e-9791-007a
Original description
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.
nvd CVSS2.0
1.7
nvd CVSS3.1
3.3
nvd CVSS4.0
4.8
Vulnerability type
CWE-189
CWE-190
Integer Overflow
- https://github.com/uclouvain/openjpeg/
- https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb650...
- https://github.com/uclouvain/openjpeg/issues/1619
- https://github.com/uclouvain/openjpeg/pull/1628
- https://vuldb.com/submit/797385
- https://vuldb.com/vuln/357114
- https://vuldb.com/vuln/357114/cti
- https://advisory.echohq.com/cve/CVE-2026-6192
- https://www.cve.org/CVERecord?id=CVE-2026-6192
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 13 Apr 2026