HCE3-SA-2025-0117 Important HCE 3.0 Security Fix(es): A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. (CVE-2024-56826) A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file. (CVE-2023-39328) A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. (CVE-2021-3575) A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. (CVE-2024-56827) openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. (CVE-2025-50952) HCE 3.0 openjpeg2-2.5.0-7.r2.hce3.x86_64.rpm openjpeg2-devel-2.5.0-7.r2.hce3.x86_64.rpm openjpeg2-help-2.5.0-7.r2.hce3.noarch.rpm openjpeg2-tools-2.5.0-7.r2.hce3.x86_64.rpm openjpeg2-2.5.0-7.r2.hce3.aarch64.rpm openjpeg2-devel-2.5.0-7.r2.hce3.aarch64.rpm openjpeg2-tools-2.5.0-7.r2.hce3.aarch64.rpm