The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers
to execute arbitrary code via a crafted palette index in a CMAP record of a
JPEG image, which triggers memory corruption, aka “out-of heap-based buffer
write.”
Author | Note |
---|---|
jdstrand | per Debian, code introduced after 1.3 |