Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: openjpeg

Found 2 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-6192
3.3 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 1 month, 1 week ago by @LeSuisse Activity log
  • Created suggestion 1 month, 1 week ago
  • @LeSuisse ignored
    3 packages
    • python312Packages.pylibjpeg-openjpeg
    • python313Packages.pylibjpeg-openjpeg
    • python314Packages.pylibjpeg-openjpeg
    1 month, 1 week ago
  • @LeSuisse accepted 1 month, 1 week ago
  • @LeSuisse published on GitHub 1 month, 1 week ago
uclouvain openjpeg pi.c opj_pi_initialise_encode integer overflow

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.

Affected products

openjpeg
  • ==2.5.1
  • ==2.5.4
  • ==2.5.3
  • ==2.5.2
  • ==2.5.0

Matching in nixpkgs

pkgs.openjpeg

Open-source JPEG 2000 codec written in C language

Ignored packages (3)

Package maintainers

Untriaged
Permalink CVE-2025-54874
created 4 months ago Activity log
  • Created suggestion 4 months ago
OpenJPEG allows OOB heap memory write in opj_jp2_read_header

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.

Affected products

openjpeg
  • ==<= 2.5.3
  • ==>= 2.5.1, <= 2.5.3

Matching in nixpkgs

pkgs.openjpeg

Open-source JPEG 2000 codec written in C language

Package maintainers