Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
Los accesos fuera de los límites en las funciones pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl y pi_next_cprl en openmj2/pi.c en OpenJPEG mediante la versión 2.3.0 permiten a los atacantes remotos causar una denegación de servicio (bloqueo de la aplicación).
An update that fixes 8 vulnerabilities is now available. This update for openjpeg2 fixes the following issues. Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c. Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c. Fixed heap buffer overflow in lib/openjp2/mqc.c, Fixed OOB read in opj_dwt_calc_explicit_stepsizes. Fixed buffer over-read in lib/openjp2/pi.c. Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c. Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c. Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c.
