JLSEC-2026-536

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-536.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-536.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-536
Upstream
Published
2026-05-26T19:31:24.313Z
Modified
2026-05-26T19:45:03.107618118Z
Summary
[none]
Details

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "published": "2021-05-13T15:15:07.533Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27823",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2020-27823",
            "modified": "2024-11-21T05:21:52.770Z",
            "database_specific": {
                "status": "Modified"
            },
            "imported": "2026-05-25T01:08:37.765Z",
            "id": "CVE-2020-27823"
        }
    ]
}
References

Affected packages

Julia / OpenJpeg_jll

Package

Name
OpenJpeg_jll
Purl
pkg:julia/OpenJpeg_jll?uuid=643b3616-a352-519d-856d-80112ee9badc

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.0+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-536.json"