An update for openjpeg2 is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1959 Final 1.0 1.0 2026-04-17 Initial 2026-04-17 2026-04-17 openEuler SA Tool V1.0 2026-04-17 openjpeg2 security update An update for openjpeg2 is now available for openEuler-24.03-LTS-SP3 OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group (JPEG). Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000 Reference Software. Security Fix(es): A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.(CVE-2026-6192) An update for openjpeg2 is now available for openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low openjpeg2 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1959 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6192 https://nvd.nist.gov/vuln/detail/CVE-2026-6192 openEuler-24.03-LTS-SP3 openjpeg2-2.5.0-9.oe2403sp3.aarch64.rpm openjpeg2-debuginfo-2.5.0-9.oe2403sp3.aarch64.rpm openjpeg2-debugsource-2.5.0-9.oe2403sp3.aarch64.rpm openjpeg2-devel-2.5.0-9.oe2403sp3.aarch64.rpm openjpeg2-tools-2.5.0-9.oe2403sp3.aarch64.rpm openjpeg2-2.5.0-9.oe2403sp3.src.rpm openjpeg2-2.5.0-9.oe2403sp3.x86_64.rpm openjpeg2-debuginfo-2.5.0-9.oe2403sp3.x86_64.rpm openjpeg2-debugsource-2.5.0-9.oe2403sp3.x86_64.rpm openjpeg2-devel-2.5.0-9.oe2403sp3.x86_64.rpm openjpeg2-tools-2.5.0-9.oe2403sp3.x86_64.rpm openjpeg2-help-2.5.0-9.oe2403sp3.noarch.rpm A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue. 2026-04-17 CVE-2026-6192 openEuler-24.03-LTS-SP3 Low 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L openjpeg2 security update 2026-04-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1959