cbcvebase.
CVE-2025-50952
published 2025-08-07

CVE-2025-50952: openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.

medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.

Affected

10 ranges
VendorProductVersion rangeFixed in
debianopenjpeg2< openjpeg2 2.5.0-2+deb12u2 (bookworm)openjpeg2 2.5.0-2+deb12u2 (bookworm)
the_openjpeg_projectopenjpeg2>= 0 < 2.4.0-3+deb11u22.4.0-3+deb11u2
the_openjpeg_projectopenjpeg2>= 0 < 2.5.0-2+deb12u22.5.0-2+deb12u2
the_openjpeg_projectopenjpeg2>= 0 < 2.5.3-12.5.3-1
the_openjpeg_projectopenjpeg2>= 0 < 2.5.3-12.5.3-1
the_openjpeg_projectopenjpeg2>= 0 < 2.4.0-6ubuntu0.42.4.0-6ubuntu0.4
the_openjpeg_projectopenjpeg2>= 0 < 2.5.0-2ubuntu0.42.5.0-2ubuntu0.4
the_openjpeg_projectopenjpeg2>= 0 < 2.3.0-2+deb10u2ubuntu0.1~esm52.3.0-2+deb10u2ubuntu0.1~esm5
the_openjpeg_projectopenjpeg2>= 0 < 2.3.1-1ubuntu4.20.04.4+esm12.3.1-1ubuntu4.20.04.4+esm1
uclouvainopenjpeg

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv6.5MEDIUM