NIXPKGS-2025-0017

published on 26 Sep 2025

Permalink CVE-2023-39328

updated 4 months, 1 week ago by @Erethon Activity log

Created automatic suggestion 5 months, 4 weeks ago
@Erethon accepted 4 months, 1 week ago
@Erethon published on GitHub 4 months, 1 week ago

Openjpeg: denail of service via crafted image file

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.

Affected products

openjpeg

==2.5.0

openjpeg2

gimp:flatpak/openjpeg2

inkscape:flatpak/openjpeg2

libreoffice:flatpak/openjpeg2

Matching in nixpkgs

pkgs.openjpeg

Open-source JPEG 2000 codec written in C language

nixos-unstable 2.5.2
- nixpkgs-unstable 2.5.2
- nixos-unstable-small 2.5.2
nixos-25.05 -
- nixos-25.05-small 2.5.2

pkgs.python311Packages.pylibjpeg-openjpeg

A J2K and JP2 plugin for pylibjpeg

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0

pkgs.python312Packages.pylibjpeg-openjpeg

A J2K and JP2 plugin for pylibjpeg

nixos-unstable 2.4.0
- nixpkgs-unstable 2.4.0
- nixos-unstable-small 2.4.0
nixos-25.05 -
- nixos-25.05-small 2.4.0

pkgs.python313Packages.pylibjpeg-openjpeg

A J2K and JP2 plugin for pylibjpeg

nixos-unstable 2.4.0
- nixpkgs-unstable 2.4.0
- nixos-unstable-small 2.4.0
nixos-25.05 -
- nixos-25.05-small 2.4.0

Package maintainers

@codyopel Cody Opel <codyopel@gmail.com>
@bcdarwin Ben Darwin <bcdarwin@gmail.com>

Nixpkgs Security Tracker

Details of issue NIXPKGS-2025-0017

Affected products

Matching in nixpkgs

pkgs.openjpeg

pkgs.python311Packages.pylibjpeg-openjpeg

pkgs.python312Packages.pylibjpeg-openjpeg

pkgs.python313Packages.pylibjpeg-openjpeg

Package maintainers