Vulnerability - CVE-2025-50952

Name

CVE-2025-50952

Source

NVD ( link)Debian ( link)

Description

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.

CWEs

CWE-476

Published Date

Aug 7, 2025

Updated Date

Jun 17, 2026

Workaround

Advisories

https://github.com/uclouvain/openjpeg/issues/1505Issue Tracking

Analysis#

Affected Component

Analysis

openjpeg

Patched

Vulnerability Ratings#

6.5

CVSSv31

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

openjpeg

buildroot

2025.02.x

2.5.4

Not Affected

openjpeg

buildroot

master

2.5.4

Not Affected

openjpeg

yocto

master

2.5.4

Not Affected

openjpeg

yocto

scarthgap

2.5.4

Not Affected

Resolved with patches#

openjpeg (yocto:kirkstone)

Title

Author

Resolve

opj_dwt_decode_tile(): avoid potential

Even Rouault <even.rouault@spatialys.com>

CVE-2025-50952