Description
* Multiple integer overflow flaws, leading to heap-based buffer overflows, were
found in OpenJPEG. A specially crafted JPEG2000 image could cause an application
using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139,
CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)
* An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image
tool. Converting a specially crafted JPEG2000 file to another format could cause
the application to crash or, potentially, disclose some data from the heap.
(CVE-2016-9573)
* A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially
crafted JPEG2000 image, when read by an application using OpenJPEG, could cause
the application to crash or, potentially, execute arbitrary code.
(CVE-2016-9675)