CVE-2025-50952 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
mitre	CNA	---				---
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Vendor	Product	Version
uclouvain	openjpeg	2.5.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openjpeg2

bullseye	postponed
bullseye (security)	vulnerable
bookworm	2.5.0-2+deb12u2 fixed
bookworm (security)	vulnerable
trixie	2.5.3-2.1~deb13u1 fixed
forky	2.5.3-2.1 fixed
sid	2.5.3-2.1 fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Vulnerability Media Exposure

[GERMAN] OpenJPEG: Schwachstelle ermöglicht Denial of Service
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenJPEG ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2025-08-07T22:00:00+00:00

References

https://github.com/uclouvain/openjpeg/issues/1505