A vulnerability has been reported in OpenJPEG, which can be exploited by malicious people to compromise an application using the library.
The vulnerability is caused due to an error within the "tcd_free_encode()" function (tcd.c) when decoding tile information from Gray16 TIFF images and can be exploited to corrupt heap memory.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 1.5.0. Other versions may also be affected.
Do not process files from untrusted sources (unpatched).
Correct Secunia advisory is https://secunia.com/advisories/48781.
The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows
remote attackers to cause a denial of service (memory corruption) and
possibly execute arbitrary code via crafted tile information in a Gray16
TIFF image, which causes insufficient memory to be allocated and leads to an
GLSA request filed.
This issue was resolved and addressed in
GLSA 201310-07 at http://security.gentoo.org/glsa/glsa-201310-07.xml
by GLSA coordinator Sean Amoss (ackle).
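
An added triage example, not code from OpenJPEG, Secunia or this bug report: on hosts still running an affected OpenJPEG version, it flags 16-bit single-sample (Gray16) TIFF inputs so they can be held back from conversion. It inspects only the first IFD; the function names and the header-only sample files are constructed for illustration.

```python
import struct

BITS_PER_SAMPLE, SAMPLES_PER_PIXEL = 258, 277  # TIFF 6.0 tag ids

def first_ifd_shorts(data):
    """Return {tag: first SHORT value} from the first IFD, or None if unparseable."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        return None
    e = "<" if data[:2] == b"II" else ">"
    magic, ifd = struct.unpack_from(e + "HI", data, 2)
    if magic != 42 or ifd + 2 > len(data):
        return None
    (count,) = struct.unpack_from(e + "H", data, ifd)
    if ifd + 2 + 12 * count > len(data):
        return None  # directory runs past the end of the file
    tags = {}
    for off in range(ifd + 2, ifd + 2 + 12 * count, 12):
        tag, typ, n = struct.unpack_from(e + "HHI", data, off)
        if typ != 3 or n == 0:
            continue  # only SHORT fields matter for this check
        pos = off + 8  # one or two SHORTs are stored inline
        if n > 2:      # otherwise the field holds a file offset
            (pos,) = struct.unpack_from(e + "I", data, off + 8)
        if pos + 2 <= len(data):
            (tags[tag],) = struct.unpack_from(e + "H", data, pos)
    return tags

def classify(data):
    """'gray16' = hold back on unpatched hosts; otherwise 'other' or 'invalid'."""
    tags = first_ifd_shorts(data)
    if tags is None:
        return "invalid"
    # TIFF defaults: SamplesPerPixel = 1, BitsPerSample = 1
    single = tags.get(SAMPLES_PER_PIXEL, 1) == 1
    return "gray16" if single and tags.get(BITS_PER_SAMPLE, 1) == 16 else "other"

def make_sample(bits, spp, e="<"):
    """Constructed header-only TIFF (no pixel data) for exercising classify()."""
    out = (b"II" if e == "<" else b"MM") + struct.pack(e + "HI", 42, 8)
    fields = [(BITS_PER_SAMPLE, bits), (SAMPLES_PER_PIXEL, spp)]
    out += struct.pack(e + "H", len(fields))
    for tag, value in fields:
        out += struct.pack(e + "HHIHH", tag, 3, 1, value, 0)
    return out + struct.pack(e + "I", 0)  # next-IFD offset = 0

if __name__ == "__main__":
    for name, blob in [("gray16", make_sample(16, 1)), ("gray8", make_sample(8, 1)),
                       ("junk", b"not a tiff")]:
        print(name, classify(blob))
```

This is an input filter for the interim period only; the fix is upgrading to a patched OpenJPEG as described in the GLSA.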