Your message dated Tue, 12 Aug 2025 04:07:46 +0000
with message-id <[email protected]>
and subject line Bug#1110443: fixed in openjpeg2 2.5.3-2.1
has caused the Debian Bug report #1110443,
regarding openjpeg2: CVE-2025-54874
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110443: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110443
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openjpeg2
Version: 2.5.3-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/pull/1573
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for openjpeg2.
CVE-2025-54874[0]:
| OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and
| earlier, a call to opj_jp2_read_header may lead to OOB heap memory
| write when the data stream p_stream is too short and p_image is not
| initialized.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-54874
https://www.cve.org/CVERecord?id=CVE-2025-54874
[1] https://github.com/uclouvain/openjpeg/pull/1573
[2] https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.5.3-2.1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated openjpeg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 09 Aug 2025 18:19:52 +0300
Source: openjpeg2
Architecture: source
Version: 2.5.3-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1110443
Changes:
openjpeg2 (2.5.3-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-54874: Out-of-bounds write in opj_jp2_read_header()
(Closes: #1110443)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---