JLSEC-2026-534

jp2/opjdecompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opjimagedestroy twice...

PT-2020-4486 · Openjpeg +9 · Openjpeg +9

Name of the Vulnerable Software and Affected Versions: OpenJPEG versions through 2.3.1 Description: The issue is related to a use-after-free in the jp2/opj decompress.c component of the OpenJPEG library, which can be triggered by a mix of valid and invalid files in a directory operated on by the...