CVE-2023-39329

6.5 MEDIUM

📋 TL;DR

This vulnerability in OpenJPEG allows an attacker to cause a denial of service through resource exhaustion by providing a specially crafted image file. The flaw occurs in the opj_t1_decode_cblks function during image processing, affecting any system or application that uses OpenJPEG to decode JPEG 2000 images.

💻 Affected Systems

Products:
  • OpenJPEG
  • Applications using OpenJPEG library
Versions: All versions before 2.5.2
Operating Systems: All platforms running OpenJPEG
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses OpenJPEG to process JPEG 2000 images is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption of applications using OpenJPEG for image processing, potentially affecting availability of critical systems.

🟠 Likely Case: Application crashes or becomes unresponsive when processing malicious image files, leading to denial of service.

🟢 If Mitigated: Limited impact with proper input validation and resource limits in place.

🌐 Internet-Facing: MEDIUM - Exploitable via image upload functionality, but requires specific conditions.
🏢 Internal Only: LOW - Requires user interaction or specific image processing workflows.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires providing a malicious image file to vulnerable systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenJPEG 2.5.2 and later

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2023-39329

Restart Required: Yes

Instructions:

1. Update OpenJPEG to version 2.5.2 or later.
2. Restart affected applications.
3. Rebuild any applications statically linked to OpenJPEG.

🔧 Temporary Workarounds

Input validation (all platforms)

Implement strict input validation for image files before processing with OpenJPEG.

Resource limits (Linux)

Set resource limits on processes using OpenJPEG to prevent complete system exhaustion.

ulimit -v 1048576
ulimit -t 30

🧯 If You Can't Patch

  • Disable JPEG 2000 image processing in affected applications
  • Implement web application firewall rules to block suspicious image uploads

🔍 How to Verify

Check if Vulnerable:

Check OpenJPEG version: opj_decompress -v 2>&1 | grep version

Check Version:

opj_decompress -v 2>&1 | grep -o 'version [0-9.]*'

Verify Fix Applied:

Confirm OpenJPEG version is 2.5.2 or higher
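
The version check above and the resource-limit workaround can be combined into two small shell helpers. This is an added example, not code from OpenJPEG or from the advisory; the function names and the OPJ_VMEM_KB / OPJ_CPU_SECS override variables are assumptions, while the limit defaults and the 2.5.2 threshold are the values stated on this page.

```shell
#!/bin/sh
# Added example. Function and variable names are assumptions of this sketch;
# the limit defaults and the 2.5.2 threshold are the values given on this page.

# opj_version_fixed VERSION
# Exit 0 if VERSION >= 2.5.2, 1 if it is older, 2 if it cannot be parsed.
opj_version_fixed() (
    v=${1#v}                                   # accept "v2.5.2" as well
    case $v in ''|.*|*[!0-9.]*) exit 2 ;; esac
    IFS=.
    set -- $v                                  # split into major minor patch
    for pair in "${1:-0}:2" "${2:-0}:5" "${3:-0}:2"; do
        have=${pair%%:*} want=${pair##*:}
        [ "$have" -gt "$want" ] && exit 0
        [ "$have" -lt "$want" ] && exit 1
    done
    exit 0                                     # exactly 2.5.2
)

# run_limited COMMAND [ARGS...]
# Run an external command with the page's ulimit values applied only to that
# child. The function body is a subshell, so the caller's limits are unchanged.
# If a limit cannot be set, the command is not run at all (exit 125).
run_limited() (
    ulimit -v "${OPJ_VMEM_KB:-1048576}" || exit 125   # address space, KiB
    ulimit -t "${OPJ_CPU_SECS:-30}"     || exit 125   # CPU time, seconds
    exec "$@"
)

# Typical use (file names are placeholders):
#   run_limited opj_decompress -i upload.jp2 -o upload.png
# A decode that hits the CPU limit is killed by SIGXCPU; treat any non-zero
# status as a rejected file.
```

Running `ulimit` directly in a service's start script limits the whole service; wrapping only the decode step keeps the limits scoped to the process that handles untrusted images.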

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • High memory/CPU usage spikes
  • Failed image processing operations

Network Indicators:

  • Multiple failed image upload attempts
  • Unusual image file upload patterns

SIEM Query:

source="application.log" AND ("segmentation fault" OR "out of memory" OR "opj_t1_decode_cblks")
