| Package | openjpeg2 |
|---|---|
| Version | 2.1.2-1.1+deb9u9 (stretch) |
| Related CVEs | CVE-2025-50952 CVE-2026-6192 |
Multiple vulnerabilities have been fixed in the JPEG 2000 image library OpenJPEG.
CVE-2025-50952
Avoid potential undefined behaviour in opj_dwt_decode_tile()
CVE-2026-6192
A vulnerability was identified in uclouvain. This impacts the function
opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation
leads to integer overflow. The attack must be carried out locally.
For Debian 9 stretch, these problems have been fixed in version 2.1.2-1.1+deb9u9.
We recommend that you upgrade your openjpeg2 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.