VulnerableCode Package Details - pkg:deb/debian/openjpeg2@2.5.0-2%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-tds3-nq6r-aybk Aliases: CVE-2025-50952	openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.	2.5.3-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-tds3-nq6r-aybk
Aliases:
CVE-2025-50952

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.

2.5.3-2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-7g2q-np8h-tbdn	A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.	CVE-2021-3575
VCID-abnz-vvn2-f7ed	A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.	CVE-2022-1122
VCID-apz4-uf57-zbbn	A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.	CVE-2024-56827
VCID-bfn9-bjca-s7ev	Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.	CVE-2021-29338
VCID-zesv-73ju-z3d3	A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.	CVE-2024-56826

Vulnerability

Summary

Aliases

VCID-7g2q-np8h-tbdn

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

CVE-2021-3575

VCID-abnz-vvn2-f7ed

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

CVE-2022-1122

VCID-apz4-uf57-zbbn

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

CVE-2024-56827

VCID-bfn9-bjca-s7ev

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

CVE-2021-29338

VCID-zesv-73ju-z3d3

CVE-2024-56826

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-09T12:39:40.412216+00:00	Debian Importer	Affected by	VCID-tds3-nq6r-aybk	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T19:29:42.398070+00:00	Debian Oval Importer	Fixing	VCID-abnz-vvn2-f7ed	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:47:34.887141+00:00	Debian Oval Importer	Fixing	VCID-bfn9-bjca-s7ev	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:08:32.203876+00:00	Debian Oval Importer	Fixing	VCID-apz4-uf57-zbbn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:07:40.761090+00:00	Debian Oval Importer	Fixing	VCID-zesv-73ju-z3d3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:22:22.088442+00:00	Debian Oval Importer	Fixing	VCID-7g2q-np8h-tbdn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0