NULL Pointer Dereference in OpenJPEG Affects Multiple Applications
CVE-2025-50952

Currently unrated

Key Information:

Vendor: OpenJPEG
Status: OpenJPEG
Vendor: CVE Published:; 7 August 2025

What is CVE-2025-50952?

A NULL pointer dereference vulnerability has been identified in OpenJPEG version 2.5.0. The flaw occurs in the component located at /openjp2/dwt.c, which can lead to unexpected behavior, including crashes and potential exploitation by an attacker. This vulnerability highlights the importance of thorough code auditing and prompt updating to mitigate risks associated with deprecated or flawed coding practices.

References

https://github.com/uclouvain/openjpeg/issues/1505

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2025
Vulnerability Reserved
Jun 16, 2025