{"id":"AZL-66090","summary":"CVE-2025-54874 affecting package openjpeg2 2.3.1-12","details":"OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.","modified":"2026-04-21T04:37:46.739547Z","published":"2025-08-05T15:15:32Z","upstream":["CVE-2025-54874"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54874"}],"affected":[{"package":{"name":"openjpeg2","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/openjpeg2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.3.1-12"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66090.json"}}],"schema_version":"1.7.5"}