{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Low" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"openjpeg2 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for openjpeg2 is now available for openEuler-24.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group (JPEG). Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000 Reference Software.\n\nSecurity Fix(es):\n\nA vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.(CVE-2026-6192)", "category":"general", "title":"Description" }, { "text":"An update for openjpeg2 is now available for openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Low", "category":"general", "title":"Severity" }, { "text":"openjpeg2", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1959", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1959" }, { "summary":"CVE-2026-6192", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6192&packageName=openjpeg2" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6192" }, { "summary":"openEuler-SA-2026-1959 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1959.json" } ], "title":"An update for openjpeg2 is now available for openEuler-24.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-04-17T21:04:32+08:00", "revision_history":[ { "date":"2026-04-17T21:04:32+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-04-17T21:04:32+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-04-17T21:04:32+08:00", "id":"openEuler-SA-2026-1959", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-2.5.0-9.oe2403sp3.aarch64.rpm", "name":"openjpeg2-2.5.0-9.oe2403sp3.aarch64.rpm" }, "name":"openjpeg2-2.5.0-9.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-debuginfo-2.5.0-9.oe2403sp3.aarch64.rpm", "name":"openjpeg2-debuginfo-2.5.0-9.oe2403sp3.aarch64.rpm" }, "name":"openjpeg2-debuginfo-2.5.0-9.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-debugsource-2.5.0-9.oe2403sp3.aarch64.rpm", "name":"openjpeg2-debugsource-2.5.0-9.oe2403sp3.aarch64.rpm" }, "name":"openjpeg2-debugsource-2.5.0-9.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-devel-2.5.0-9.oe2403sp3.aarch64.rpm", "name":"openjpeg2-devel-2.5.0-9.oe2403sp3.aarch64.rpm" }, "name":"openjpeg2-devel-2.5.0-9.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-tools-2.5.0-9.oe2403sp3.aarch64.rpm", "name":"openjpeg2-tools-2.5.0-9.oe2403sp3.aarch64.rpm" }, "name":"openjpeg2-tools-2.5.0-9.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-2.5.0-9.oe2403sp3.src.rpm", "name":"openjpeg2-2.5.0-9.oe2403sp3.src.rpm" }, "name":"openjpeg2-2.5.0-9.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-2.5.0-9.oe2403sp3.x86_64.rpm", "name":"openjpeg2-2.5.0-9.oe2403sp3.x86_64.rpm" }, "name":"openjpeg2-2.5.0-9.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-debuginfo-2.5.0-9.oe2403sp3.x86_64.rpm", "name":"openjpeg2-debuginfo-2.5.0-9.oe2403sp3.x86_64.rpm" }, "name":"openjpeg2-debuginfo-2.5.0-9.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-debugsource-2.5.0-9.oe2403sp3.x86_64.rpm", "name":"openjpeg2-debugsource-2.5.0-9.oe2403sp3.x86_64.rpm" }, "name":"openjpeg2-debugsource-2.5.0-9.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-devel-2.5.0-9.oe2403sp3.x86_64.rpm", "name":"openjpeg2-devel-2.5.0-9.oe2403sp3.x86_64.rpm" }, "name":"openjpeg2-devel-2.5.0-9.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-tools-2.5.0-9.oe2403sp3.x86_64.rpm", "name":"openjpeg2-tools-2.5.0-9.oe2403sp3.x86_64.rpm" }, "name":"openjpeg2-tools-2.5.0-9.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openjpeg2-help-2.5.0-9.oe2403sp3.noarch.rpm", "name":"openjpeg2-help-2.5.0-9.oe2403sp3.noarch.rpm" }, "name":"openjpeg2-help-2.5.0-9.oe2403sp3.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-2.5.0-9.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-2.5.0-9.oe2403sp3.aarch64", "name":"openjpeg2-2.5.0-9.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-debuginfo-2.5.0-9.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-debuginfo-2.5.0-9.oe2403sp3.aarch64", "name":"openjpeg2-debuginfo-2.5.0-9.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-debugsource-2.5.0-9.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-debugsource-2.5.0-9.oe2403sp3.aarch64", "name":"openjpeg2-debugsource-2.5.0-9.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-devel-2.5.0-9.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-devel-2.5.0-9.oe2403sp3.aarch64", "name":"openjpeg2-devel-2.5.0-9.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-tools-2.5.0-9.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-tools-2.5.0-9.oe2403sp3.aarch64", "name":"openjpeg2-tools-2.5.0-9.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-2.5.0-9.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-2.5.0-9.oe2403sp3.src", "name":"openjpeg2-2.5.0-9.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-2.5.0-9.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-2.5.0-9.oe2403sp3.x86_64", "name":"openjpeg2-2.5.0-9.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-debuginfo-2.5.0-9.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-debuginfo-2.5.0-9.oe2403sp3.x86_64", "name":"openjpeg2-debuginfo-2.5.0-9.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-debugsource-2.5.0-9.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-debugsource-2.5.0-9.oe2403sp3.x86_64", "name":"openjpeg2-debugsource-2.5.0-9.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-devel-2.5.0-9.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-devel-2.5.0-9.oe2403sp3.x86_64", "name":"openjpeg2-devel-2.5.0-9.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-tools-2.5.0-9.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-tools-2.5.0-9.oe2403sp3.x86_64", "name":"openjpeg2-tools-2.5.0-9.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"openjpeg2-help-2.5.0-9.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:openjpeg2-help-2.5.0-9.oe2403sp3.noarch", "name":"openjpeg2-help-2.5.0-9.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-6192", "notes":[ { "text":"A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:openjpeg2-2.5.0-9.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:openjpeg2-debuginfo-2.5.0-9.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:openjpeg2-debugsource-2.5.0-9.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:openjpeg2-devel-2.5.0-9.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:openjpeg2-tools-2.5.0-9.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:openjpeg2-2.5.0-9.oe2403sp3.src", "openEuler-24.03-LTS-SP3:openjpeg2-2.5.0-9.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:openjpeg2-debuginfo-2.5.0-9.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:openjpeg2-debugsource-2.5.0-9.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:openjpeg2-devel-2.5.0-9.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:openjpeg2-tools-2.5.0-9.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:openjpeg2-help-2.5.0-9.oe2403sp3.noarch" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"openjpeg2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1959" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2026-6192" } ] }