A vulnerability has been reported in OpenJPEG, which can be exploited by malicious people to potentially compromise an application using the library.
The vulnerability is caused due to an error when decoding images and can be exploited to cause a heap-based buffer overflow via a specially crafted file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 1.5.0. Other versions may also be affected.
No official solution is currently available.
Note: this is not CVE-2012-3358 (bug 425772)
Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote
attackers to cause a denial of service (application crash) and possibly
execute arbitrary code via a crafted JPEG2000 file.
GLSA request filed.
This issue was resolved and addressed in
GLSA 201310-07 at http://security.gentoo.org/glsa/glsa-201310-07.xml
by GLSA coordinator Sean Amoss (ackle).