USN-7757-1

It was discovered that OpenJPEG did not properly handle memory when decompressing certain image files. An attacker could possibly use this issue to cause OpenJPEG to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2025-50952)

It was discovered that OpenJPEG did not properly handle memory when parsing the headers of certain image files. An attacker could use this issue to cause OpenJPEG to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 25.04. (CVE-2025-54874)

References

Affected packages

Ubuntu:Pro:18.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.3.0-2+deb10u2ubuntu0.1~esm5?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.0-2+deb10u2ubuntu0.1~esm5

Affected versions

2.*

2.2.0-1

2.3.0-1

2.3.0-2build0.18.04.1

2.3.0-2ubuntu0.1~esm1

2.3.0-2+deb10u2build0.18.04.1

2.3.0-2+deb10u2ubuntu0.1~esm1

2.3.0-2+deb10u2ubuntu0.1~esm2

2.3.0-2+deb10u2ubuntu0.1~esm3

2.3.0-2+deb10u2ubuntu0.1~esm4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenjp2-7",
            "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm5"
        },
        {
            "binary_name": "libopenjp2-7-dev",
            "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm5"
        },
        {
            "binary_name": "libopenjp2-tools",
            "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm5"
        },
        {
            "binary_name": "libopenjp3d-tools",
            "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm5"
        },
        {
            "binary_name": "libopenjp3d7",
            "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm5"
        },
        {
            "binary_name": "libopenjpip-dec-server",
            "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm5"
        },
        {
            "binary_name": "libopenjpip-server",
            "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm5"
        },
        {
            "binary_name": "libopenjpip-viewer",
            "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm5"
        },
        {
            "binary_name": "libopenjpip7",
            "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm5"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Ubuntu:Pro:20.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.3.1-1ubuntu4.20.04.4+esm1?arch=source&distro=esm-infra/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.1-1ubuntu4.20.04.4+esm1

Affected versions

2.*

2.3.0-2

2.3.0-2build1

2.3.1-1

2.3.1-1ubuntu3

2.3.1-1ubuntu4

2.3.1-1ubuntu4.20.04.1

2.3.1-1ubuntu4.20.04.2

2.3.1-1ubuntu4.20.04.3

2.3.1-1ubuntu4.20.04.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenjp2-7",
            "binary_version": "2.3.1-1ubuntu4.20.04.4+esm1"
        },
        {
            "binary_name": "libopenjp2-7-dev",
            "binary_version": "2.3.1-1ubuntu4.20.04.4+esm1"
        },
        {
            "binary_name": "libopenjp2-tools",
            "binary_version": "2.3.1-1ubuntu4.20.04.4+esm1"
        },
        {
            "binary_name": "libopenjp3d-tools",
            "binary_version": "2.3.1-1ubuntu4.20.04.4+esm1"
        },
        {
            "binary_name": "libopenjp3d7",
            "binary_version": "2.3.1-1ubuntu4.20.04.4+esm1"
        },
        {
            "binary_name": "libopenjpip-dec-server",
            "binary_version": "2.3.1-1ubuntu4.20.04.4+esm1"
        },
        {
            "binary_name": "libopenjpip-server",
            "binary_version": "2.3.1-1ubuntu4.20.04.4+esm1"
        },
        {
            "binary_name": "libopenjpip-viewer",
            "binary_version": "2.3.1-1ubuntu4.20.04.4+esm1"
        },
        {
            "binary_name": "libopenjpip7",
            "binary_version": "2.3.1-1ubuntu4.20.04.4+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Ubuntu:22.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.4.0-6ubuntu0.4?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-6ubuntu0.4

Affected versions

2.*

2.3.1-1ubuntu5

2.3.1-1ubuntu6

2.4.0-3

2.4.0-5

2.4.0-6

2.4.0-6ubuntu0.1

2.4.0-6ubuntu0.2

2.4.0-6ubuntu0.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenjp2-7",
            "binary_version": "2.4.0-6ubuntu0.4"
        },
        {
            "binary_name": "libopenjp2-7-dev",
            "binary_version": "2.4.0-6ubuntu0.4"
        },
        {
            "binary_name": "libopenjp2-tools",
            "binary_version": "2.4.0-6ubuntu0.4"
        },
        {
            "binary_name": "libopenjp3d-tools",
            "binary_version": "2.4.0-6ubuntu0.4"
        },
        {
            "binary_name": "libopenjp3d7",
            "binary_version": "2.4.0-6ubuntu0.4"
        },
        {
            "binary_name": "libopenjpip-dec-server",
            "binary_version": "2.4.0-6ubuntu0.4"
        },
        {
            "binary_name": "libopenjpip-server",
            "binary_version": "2.4.0-6ubuntu0.4"
        },
        {
            "binary_name": "libopenjpip-viewer",
            "binary_version": "2.4.0-6ubuntu0.4"
        },
        {
            "binary_name": "libopenjpip7",
            "binary_version": "2.4.0-6ubuntu0.4"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:24.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.5.0-2ubuntu0.4?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-2ubuntu0.4

Affected versions

2.*

2.5.0-2

2.5.0-2build2

2.5.0-2build3

2.5.0-2ubuntu0.1

2.5.0-2ubuntu0.2

2.5.0-2ubuntu0.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenjp2-7",
            "binary_version": "2.5.0-2ubuntu0.4"
        },
        {
            "binary_name": "libopenjp2-7-dev",
            "binary_version": "2.5.0-2ubuntu0.4"
        },
        {
            "binary_name": "libopenjp2-tools",
            "binary_version": "2.5.0-2ubuntu0.4"
        },
        {
            "binary_name": "libopenjpip-dec-server",
            "binary_version": "2.5.0-2ubuntu0.4"
        },
        {
            "binary_name": "libopenjpip-server",
            "binary_version": "2.5.0-2ubuntu0.4"
        },
        {
            "binary_name": "libopenjpip-viewer",
            "binary_version": "2.5.0-2ubuntu0.4"
        },
        {
            "binary_name": "libopenjpip7",
            "binary_version": "2.5.0-2ubuntu0.4"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:25.04 / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.5.3-2ubuntu0.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.3-2ubuntu0.1

Affected versions

2.*

2.5.0-2ubuntu1

2.5.0-2ubuntu2

2.5.0-2ubuntu3

2.5.3-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenjp2-7",
            "binary_version": "2.5.3-2ubuntu0.1"
        },
        {
            "binary_name": "libopenjp2-7-dev",
            "binary_version": "2.5.3-2ubuntu0.1"
        },
        {
            "binary_name": "libopenjp2-tools",
            "binary_version": "2.5.3-2ubuntu0.1"
        },
        {
            "binary_name": "libopenjpip-dec-server",
            "binary_version": "2.5.3-2ubuntu0.1"
        },
        {
            "binary_name": "libopenjpip-viewer",
            "binary_version": "2.5.3-2ubuntu0.1"
        },
        {
            "binary_name": "libopenjpip7",
            "binary_version": "2.5.3-2ubuntu0.1"
        }
    ],
    "availability": "No subscription required"
}