vulnerability
FreeBSD: VID-77bac392-ba98-11f0-aada-f59a8ea34d12: OpenJPH < 0.24.5 -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:N/A:C) | Nov 5, 2025 | Dec 10, 2025 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:C)
Published
Nov 5, 2025
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Aous Naman reports several vulnerabilities fixed in OpenJPH versions up to 0.24.5 and credits Cary Phillips for reporting them from the OSS-fuzz project. [0.24.5] Addresses OpenEXR OSS-fuzz issue 5747129672073216 that can cause heap corruption. [0.24.4...] we now check that the ATK marker segment length (Latk) makes sense. The issue was identified in OpenEXR fuzzing. [0.24.3] This is an important bug fix. It protects against illegally long QCD and QCC marker segments. It was discovered during OpenEXR fussing; thanx to [Cary Phillips].
Solution
freebsd-upgrade-package-openjph
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.