<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-17T06:24:12.541719+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ba0bca7e-699c-42df-b4c4-209a7782ad57/export</id>
    <title>ba0bca7e-699c-42df-b4c4-209a7782ad57</title>
    <updated>2026-07-17T06:24:12.558211+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ba0bca7e-699c-42df-b4c4-209a7782ad57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51807", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqp2sskhc32c", "content": "CVE-2026-51807\nOpenHTJ2K, a Java library for handling JPEG 2000 files, has a security issue that could allow an attacker to run unauthorized code on a system by sending it a specially crafted file. This is a serious issue\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-15T15:44:06.440319Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ba0bca7e-699c-42df-b4c4-209a7782ad57/export"/>
    <published>2026-07-15T15:44:06.440319+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/99954543-ef08-4519-b6ba-d24afd0d73d1/export</id>
    <title>99954543-ef08-4519-b6ba-d24afd0d73d1</title>
    <updated>2026-07-17T06:24:12.560011+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "99954543-ef08-4519-b6ba-d24afd0d73d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51807", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnfu3brq72t", "content": "CVE-2026-51807 - OpenHTJ2K Buffer Overflow Vulnerability\nCVE ID : CVE-2026-51807\n \n Published : July 14, 2026, 11:17 p.m. | 14\u00a0minutes ago\n \n Description : Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute arbitrary code via the j2k_p...", "creation_timestamp": "2026-07-14T23:56:20.893591Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/99954543-ef08-4519-b6ba-d24afd0d73d1/export"/>
    <published>2026-07-14T23:56:20.893591+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/107e1a3c-415b-48d5-8473-1a371d7cdb6f/export</id>
    <title>107e1a3c-415b-48d5-8473-1a371d7cdb6f</title>
    <updated>2026-07-17T06:24:12.560147+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "107e1a3c-415b-48d5-8473-1a371d7cdb6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51807", "type": "seen", "source": "https://gist.github.com/5asever40-a11y/dcfa867b099a7782ad72ab7981427765", "content": "# CVE-2026-51807\n\nHeap buffer overflow in OpenHTJ2K PPM packet header parsing\nallows heap out-of-bounds write via a crafted J2K/JP2 codestream\nor malicious JPIP/JPP response.\n\n------------------------------------------\n\n[Vulnerability Type]\nHeap Buffer Overflow\nOut-of-Bounds Write\n\n------------------------------------------\n\n[Vendor of Product]\nOpenHTJ2K\n\n------------------------------------------\n\n[Affected Product Code Base]\nOpenHTJ2K versions before v0.18.4\n\nFixed version: v0.18.4\nFix commit/tag: f77c1e9 / v0.18.4\n\n------------------------------------------\n\n[Affected Component]\nsource/core/coding/coding_units.cpp\n\nj2k_precinct_subband::parse_packet_header()\nj2k_codeblock::pass_length[128]\n\n------------------------------------------\n\n[Root Cause]\nThe PPM packet header parser updates the fixed-size\nj2k_codeblock::pass_length[128] array while increasing\nnum_passes, but vulnerable versions did not sufficiently\nvalidate that the updated number of coding passes stayed\nwithin the 128-entry pass_length array.\n\nWhen crafted packet header data causes num_passes and\nsegment_passes to exceed the pass_length capacity, the parser\nwrites beyond pass_length[128], resulting in heap memory\ncorruption.\n\n------------------------------------------\n\n[Attack Vectors]\nAn attacker can trigger the vulnerability by providing:\n\n1. A crafted J2K/JP2 codestream processed by the decoder or JPIP server.\n2. A malicious JPIP/JPP server response consumed by an OpenHTJ2K client.\n\nThe client-response path was reproduced by feeding malicious\nJPP response bytes through JPIP stream parsing, databin\nreassembly, and the OpenHTJ2K decoder path until\nj2k_precinct_subband::parse_packet_header() performed the\nout-of-bounds heap write.\n\n------------------------------------------\n\n[Impact]\nHeap memory corruption\n\nConfirmed impact:\n- Heap out-of-bounds write\n- Crash / denial of service\n- Neighboring j2k_codeblock object state corruption in crafted layouts\n- Later dereference of corrupted decoder state\n\nPotential impact:\n- Further exploitation may be possible depending on heap layout,\n  allocator behavior, ASLR, and availability of a stronger write\n  primitive.\n\nStable arbitrary write or RCE was investigated but not confirmed\nby the reporters.\n\n------------------------------------------\n\n[Fix]\nOpenHTJ2K v0.18.4 added kMaxCodingPasses = 128 and introduced\nbounds checks before updating num_passes in the vulnerable packet\nheader parsing paths.\n\nThe fix rejects malformed inputs before pass_length[128] can be\nwritten out of bounds.\n\n------------------------------------------\n\n[Reference]\nhttps://github.com/osamu620/OpenHTJ2K/releases/tag/v0.18.4\nhttps://github.com/osamu620/OpenHTJ2K/releases\n\n------------------------------------------\n\n[Discoverer]\nKANG DAEUN (SANGMYUNG UNIVERSITY, https://github.com/Daeun2046)\nOH HAN GUEL (SANGMYUNG UNIVERSITY, https://github.com/5asever40-a11y)\n", "creation_timestamp": "2026-07-10T12:26:14.303646Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/107e1a3c-415b-48d5-8473-1a371d7cdb6f/export"/>
    <published>2026-07-10T12:26:14.303646+00:00</published>
  </entry>
</feed>
