CVE-2016-9573 openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm()
A heap buffer overflow flaw was found in the way openjpeg decompressed certain input images. Due to an insufficient check in the imagetopnm() function, an application using openjpeg to process image data could crash when processing a crafted image.
CVE-2016-9572 openjpeg: NULL pointer dereference in input decoding
A NULL pointer dereference flaw was found in the way openjpeg decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
Note that the above patch fixes two issues: CVE-2016-9573 as well as CVE-2016-9572.
It's great to have those bugs tracked here, but just FTR there are still dozens of unfixed security bugs that come from fuzzing.
Both issues were fixed in >=media-libs/openjpeg-2.2.0.
Stabilization will happen in bug 602180.
This issue was resolved and addressed in GLSA 201710-26 at https://security.gentoo.org/glsa/201710-26 by GLSA coordinator Aaron Bauman (b-man).