A memory handling vulnerability in OpenJPEG (CVE-2026-6192) during image encoding could allow an attacker to cause a denial of service or execute arbitrary code. The vulnerability affects multiple Ubuntu LTS releases, including 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS. The issue is corrected by updating the `libopenjp2-7` package to the specific versions listed for each release, such as version 2.5.4-1ubuntu0.1 for Ubuntu 26.04 LTS.
Ubuntu Security Notices USN-8252-1 USN-8252-1: OpenJPEG vulnerability Publication date 7 May 2026 Overview OpenJPEG could be made to crash or run programs when encoding image files. Releases 26.04 LTS 25.10 24.04 LTS 22.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages openjpeg2 - JPEG 2000 image compression/decompression library Details It was discovered that OpenJPEG did not properly handle memory when encoding image files. An attacker could use this issue to cause OpenJPEG to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that OpenJPEG did not properly handle memory when encoding image files. An attacker could use this issue to cause OpenJPEG to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 26.04 LTS resolute libopenjp2-7 – 2.5.4-1ubuntu0.1 25.10 questing libopenjp2-7 – 2.5.3-2.1ubuntu0.1 24.04 LTS noble libopenjp2-7 – 2.5.0-2ubuntu0.5 22.04 LTS jammy libopenjp2-7 – 2.4.0-6ubuntu0.5 Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2026-6192 CVE-2026-6192