JLSEC-2026-648

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-648.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-648.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-648
Upstream
  • EUVD-2025-27255
Published
2026-06-26T20:24:16.337Z
Modified
2026-06-26T20:30:05.272902490Z
Severity
  • 7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H
Summary
[none]
Details

A heap-buffer-overflow write exists in jpeg2000dec in FFmpeg, which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition (cdef) atom of JPEG2000.

Database specific
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "id": "CVE-2025-9951",
            "published": "2025-09-09T14:15:49.720Z",
            "modified": "2026-06-17T10:10:08.627Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9951",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-9951",
            "database_specific": {
                "status": "Deferred"
            },
            "imported": "2026-06-26T19:19:12.222Z"
        },
        {
            "id": "EUVD-2025-27255",
            "modified": "2026-02-26T17:49:05Z",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-27255",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-27255",
            "published": "2025-09-09T13:54:08Z",
            "imported": "2026-06-26T19:19:09.422Z"
        }
    ]
}
References

Affected packages

Julia / FFMPEG_jll

Package

Name
FFMPEG_jll
Purl
pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.0+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-648.json"

Julia / FFplay_jll

Package

Name
FFplay_jll
Purl
pkg:julia/FFplay_jll?uuid=c4dce911-e170-5107-8314-c7bdc6785395

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.1.2+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-648.json"