ALAS2023-2025-1198

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1198
Advisory Released Date: 2025-09-29
Advisory Updated Date: 2025-09-29
Severity: Medium
Issue Overview:

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. (CVE-2025-50952)


Affected Packages:

openjpeg2


Issue Correction:
Run dnf update openjpeg2 --releasever 2023.9.20250929 or dnf update --advisory ALAS2023-2025-1198 --releasever 2023.9.20250929 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    openjpeg2-tools-debuginfo-2.5.2-5.amzn2023.0.1.aarch64
    openjpeg2-debuginfo-2.5.2-5.amzn2023.0.1.aarch64
    openjpeg2-2.5.2-5.amzn2023.0.1.aarch64
    openjpeg2-devel-2.5.2-5.amzn2023.0.1.aarch64
    openjpeg2-debugsource-2.5.2-5.amzn2023.0.1.aarch64
    openjpeg2-tools-2.5.2-5.amzn2023.0.1.aarch64

noarch:
    openjpeg2-devel-docs-2.5.2-5.amzn2023.0.1.noarch

src:
    openjpeg2-2.5.2-5.amzn2023.0.1.src

x86_64:
    openjpeg2-debuginfo-2.5.2-5.amzn2023.0.1.x86_64
    openjpeg2-devel-2.5.2-5.amzn2023.0.1.x86_64
    openjpeg2-debugsource-2.5.2-5.amzn2023.0.1.x86_64
    openjpeg2-2.5.2-5.amzn2023.0.1.x86_64
    openjpeg2-tools-debuginfo-2.5.2-5.amzn2023.0.1.x86_64
    openjpeg2-tools-2.5.2-5.amzn2023.0.1.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-50952

Mitre: CVE-2025-50952