Vulnerability Spotlight: OpenJPEG JPEG2000 mcc record Code Execution Vulnerability
Vulnerability discovered by Aleksandar Nikolic of Cisco Talos
Talos has identified an exploitable out-of-bounds vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library (TALOS-2016-0193/CVE-2016-8332). The JPEG 2000 file format is commonly used for embedding images inside PDF documents. This particular vulnerability could allow an out-of-bound heap write to occur, resulting in heap corruption and lead to arbitrary code execution. Talos has disclosed this vulnerability responsibily to the library maintainers to ensure a patch is available.