[SECURITY] [DSA 6277-1] openjpeg2 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6277-1] openjpeg2 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 15 May 2026 21:35:24 +0000
Message-id: <[🔎] ageRnO8R9Xvd9tpA@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6277-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 15, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjpeg2
CVE ID         : CVE-2026-6192

An integer overflow has been discovered in OpenJPEG, a JPEG 2000 image
compression/decompression library, which could result in denial of
service or potentially the execution of arbitrary code if malformed
images are opened.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.5.0-2+deb12u3.

For the stable distribution (trixie), this problem has been fixed in
version 2.5.3-2.1~deb13u2.

We recommend that you upgrade your openjpeg2 packages.

For the detailed security status of openjpeg2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjpeg2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoHkAIACgkQEMKTtsN8
TjZ/0w//UZbi0A/uBeVoF6vBAJ8Dr55e7W3SeeY+Ot8udzK5S3r76oQuRgo61O99
8ZMnSJPL8oV4eYvzg4ex7EOPm7PhTXnk0hhojfRUBSXTZQvl31oEJFeY5hKgDfRJ
4ly7oA2wBMQh8uWyTl04fi2AVnNIFFkt6FA/GFPK9CXCd9gLFyEWZIXorq8qlxoz
97ndaN6M+9KCaRsmpjL/MrGqV6Mr6wp8JwsMwJTgNvxflB/UQJw+XJ6Oxr2zbjtX
Rqry/W6xuTdoSOqZiP5GJgpXrlETsWRSyqvL5taozafGFl1GxWZ0GPU6Hxq3ky3l
n7wJG1ajRL1sUAfrg4W1Ye7he/iMbe3Vbfb3WPOLrW0czq6+53ZzuL8RUdIbZ7Hi
SHzi6zMNii4/Sljm3sE4BDbBZX/AxlbYJcvs1PTHLkhooNrdfBwK0EjpWtz40faI
IzLBi3JDu+xhsmF/LIBU/Hghq0463R0HFYEqDXsBFjTXfgds0Wvc/V35xUln2j8A
dCOKp/gEGx4CbAIzMz0yoCy7MTHtpItNbVi5NsTsDkGZwrKnxAmr1e/T/jmbwNPV
E6wsuVV00YcYF0sbzbwbYNE99ZVACcSTSM6xDo0qiVDAwOmwgZvO25lhtvqVuOWL
G0rpiJMa/LjoNI+2qagTwmV7SLXuRr6DChsD5l4/RFjMHr2qG9o=
=9Jxj
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6276-1] ffmpeg security update
Next by Date: [SECURITY] [DSA 6278-1] nginx security update
Previous by thread: [SECURITY] [DSA 6276-1] ffmpeg security update
Next by thread: [SECURITY] [DSA 6278-1] nginx security update
Index(es):
- Date
- Thread