| Package | openjpeg2 |
|---|---|
| Version | 2.3.0-2+deb10u4 (buster) |
| Related CVEs | CVE-2019-12973 CVE-2025-50952 |
Multiple vulnerabilities have been fixed in the JPEG 2000 image library OpenJPEG.
CVE-2019-12973
Excessive iterations in convertbmp
CVE-2025-50952
Avoid potential undefined behaviour in opj_dwt_decode_tile()
For Debian 10 buster, these problems have been fixed in version 2.3.0-2+deb10u4.
We recommend that you upgrade your openjpeg2 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.