VulnerableCode Package Details - pkg:apk/alpine/openjpeg@2.5.0-r0?arch=x86&distroversion=v3.17&reponame=main

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apk/alpine/openjpeg@2.5.0-r0?arch=x86&distroversion=v3.17&reponame=main

purl	pkg:apk/alpine/openjpeg@2.5.0-r0?arch=x86&distroversion=v3.17&reponame=main

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-an46-hxt9-57e1	Out-of-bounds Write A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.	CVE-2021-3575
VCID-xh3j-ufru-6fby	Access of Uninitialized Pointer A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.	CVE-2022-1122

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T17:47:20.794263+00:00	Alpine Linux Importer	Fixing	VCID-an46-hxt9-57e1	https://secdb.alpinelinux.org/v3.17/main.json	38.1.0
2026-04-01T18:50:07.214163+00:00	Alpine Linux Importer	Fixing	VCID-xh3j-ufru-6fby	https://secdb.alpinelinux.org/v3.17/main.json	38.0.0