CVE-2024-56827

一、漏洞信息
 漏洞编号：[CVE-2024-56827](https://nvd.nist.gov/vuln/detail/CVE-2024-56827)
 漏洞归属组件：[ghostscript](https://gitee.com/src-openeuler/ghostscript)
 漏洞归属的版本：10.05.0,10.05.1,9.52,9.55.0,9.56.1
 CVSS V3.0分值：
  BaseScore：5.6 Medium
  Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
 漏洞简述：
  A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.
 漏洞公开时间：2025-01-09 12:15:12
 漏洞创建时间：2025-08-03 17:31:20
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2024-56827
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
|  | https://ubuntu.com/security/CVE-2024-56827 |  |
|  | https://www.cve.org/CVERecord?id=CVE-2024-56827 |  |
|  | https://security-tracker.debian.org/tracker/CVE-2024-56827 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-56827 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2335174 |  |
|  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  |
|  | https://github.com/uclouvain/openjpeg/issues/1564 |  |
|  | https://nvd.nist.gov/vuln/detail/CVE-2024-56827 |  |
|  | https://www.mend.io/vulnerability-database/CVE-2024-56827 |  |
|  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  |
|  | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56827 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-56827 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2335174 |  |
|  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  |
|  | https://github.com/uclouvain/openjpeg/issues/1564 |  |
|  | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56827 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-56827 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2335174 |  |
|  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  |
|  | https://github.com/uclouvain/openjpeg/issues/1564 |  |
|  | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56827 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-56827 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2335174 |  |
|  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  |
|  | https://github.com/uclouvain/openjpeg/issues/1564 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-56827 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2335174 |  |
|  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  |
|  | https://github.com/uclouvain/openjpeg/issues/1564 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-56827 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2335174 |  |
|  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  |
|  | https://github.com/uclouvain/openjpeg/issues/1564 |  |
|  | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56827 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-56827 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2335174 |  |
|  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  |
|  | https://github.com/uclouvain/openjpeg/issues/1564 |  |
|  | https://vigilance.fr/vulnerability/OpenJPEG-buffer-overflow-via-opj-j2k-add-tlmarker-46031 |  |
|  | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56827 |  |
|  | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56827 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-56827 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2335174 |  |
|  | https://github.com/uclouvain/openjpeg/issues/1564 |  |
|  | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56827 |  |
|  | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56827 |  |
|  | https://access.redhat.com/errata/RHSA-2025:7309 |  |
|  | https://access.redhat.com/errata/RHSA-2025:7309 |  |
|  | https://ubuntu.com/security/notices/USN-7223-1 |  |
|  | https://linux.oracle.com/cve/CVE-2024-56827.html |  |
|  | https://linux.oracle.com/errata/ELSA-2025-7309.html |  |
|  | https://access.redhat.com/errata/RHSA-2025:7309 |  |
|  | https://linux.oracle.com/cve/CVE-2024-56827.html |  |
|  | https://linux.oracle.com/errata/ELSA-2025-7309.html |  |
|  | https://access.redhat.com/errata/RHSA-2025:7309 |  |
|  | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56827 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-56827 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2335174 |  |
|  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  |
|  | https://github.com/uclouvain/openjpeg/issues/1564 |  |
|  | https://access.redhat.com/errata/RHSA-2025:7309 |  |
|  | https://access.redhat.com/errata/RHSA-2025:7309 |  |
|  | https://access.redhat.com/security/cve/CVE-2024-56827 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2335174 |  |
|  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  |
|  | https://github.com/uclouvain/openjpeg/issues/1564 |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其他
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| uclouvain/openjpeg |  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8.patch |  | ljqc |
|  |  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  | nvd |
|  |  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  | snyk |
|  |  | https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 |  | cvelistv5 |

</details>
 
二、漏洞分析结构反馈
 影响性分析说明：
  
 openEuler评分：
   
 受影响版本排查(受影响/不受影响)：
  1.master(10.05.1):
2.openEuler-20.03-LTS-SP4(9.52):
3.openEuler-22.03-LTS-SP3(9.55.0):
4.openEuler-22.03-LTS-SP4(9.55.0):
5.openEuler-24.03-LTS(9.56.1):
6.openEuler-24.03-LTS-Next(9.56.1):
7.openEuler-24.03-LTS-SP1(9.56.1):
8.openEuler-24.03-LTS-SP2(9.56.1):

修复是否涉及abi变化(是/否)：
  1.master(10.05.1):
2.openEuler-20.03-LTS-SP4(9.52):
3.openEuler-22.03-LTS-SP3(9.55.0):
4.openEuler-22.03-LTS-SP4(9.55.0):
5.openEuler-24.03-LTS(9.56.1):
6.openEuler-24.03-LTS-Next(9.56.1):
7.openEuler-24.03-LTS-SP1(9.56.1):
8.openEuler-24.03-LTS-SP2(9.56.1):

原因说明：
  1.master(10.05.1):
2.openEuler-20.03-LTS-SP4(9.52):
3.openEuler-22.03-LTS-SP3(9.55.0):
4.openEuler-22.03-LTS-SP4(9.55.0):
5.openEuler-24.03-LTS(9.56.1):
6.openEuler-24.03-LTS-Next(9.56.1):
7.openEuler-24.03-LTS-SP1(9.56.1):
8.openEuler-24.03-LTS-SP2(9.56.1):

src-openEuler/ghostscript

内容风险标识

评论 (5)

src-openEuler/ghostscript .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-56827

评论 (5)

搜索帮助

src-openEuler/ghostscript