The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
Upstream bug: https://github.com/uclouvain/openjpeg/issues/983
Upstream patch: https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7
@maintainer(s), please test and then follow procedure to stabilize and close.
Gentoo Security Scout
There are several other issues. I will ask a tag when I finish to work on it.
This issue was resolved and addressed in
GLSA 201710-26 at https://security.gentoo.org/glsa/201710-26
by GLSA coordinator Aaron Bauman (b-man).