PT-2025-31936 · Openjpeg · Openjpeg

Sebras · Published 2025-08-05 · Updated 2025-08-05 · CVE-2025-54874

CVSS v4.0: 7.5

Vector: AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions:

OpenJPEG versions 2.5.3 and earlier

Description:

OpenJPEG is an open-source JPEG 2000 codec. A call to the `opj_jp2_read_header` function may lead to an out-of-bounds heap memory write when the data stream `p_stream` is too short and `p_image` is not initialized.

Recommendations:

Update OpenJPEG to a version later than 2.5.3.

Related Identifiers

CVE-2025-54874

Affected Products

Openjpeg