Vulnerability CVE-2025-50952: Information

Description

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.

Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
URL: https://nvd.nist.gov/vuln/detail/CVE-2025-50952
Published: Aug. 7, 2025
Modified: Dec. 29, 2025
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libopenjpeg2.0sisyphus2.5.1-alt12.5.4-alt1ALT-PU-2024-3037-2341475Fixed
libopenjpeg2.0p112.5.1-alt12.5.4-alt1ALT-PU-2024-3037-2341475Fixed
libopenjpeg2.0c10f22.5.3-alt12.5.4-alt1ALT-PU-2025-10918-3393308Fixed
texmakersisyphus6.0.1-alt26.0.1-alt2ALT-PU-2026-3933-1409772Fixed
texmakersisyphus_loongarch646.0.1-alt26.0.1-alt2ALT-PU-2026-4033-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/uclouvain/openjpeg/issues/1505
  • Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/12/msg00035.html
    BDU:2025-10831
        1. cpe:2.3:a:uclouvain:openjpeg:2.5.0:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
      Version: v26.2.2
      Back to top