uclouvain CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW uclouvain CVE published 2026-04-13

CVE-2026-6192

CVE-2026-6192 is a locally exploitable integer overflow in uclouvain openjpeg up to 2.5.4, affecting opj_pi_initialise_encode in src/lib/openjp2/pi.c. The supplied CVE description says a public exploit may exist and recommends applying the referenced patch. Based on the provided CVSS vector, this is a low-impact issue that still deserves prompt remediation on systems that build, package, or embed openjpeg.

MEDIUM Uclouvain CVE published 2017-02-03

CVE-2016-3183

CVE-2016-3183 affects OpenJPEG versions before 2.1.1 and is caused by an out-of-bounds read in sycc422_t_rgb within common/color.c. NVD describes the impact as denial of service, with CWE-125 as the underlying weakness. The affected range in the NVD CPE data ends at 2.1.0, which aligns with the description that versions before 2.1.1 are vulnerable.