openjpeg-1.3-16.AXS4

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been
developed in order to promote the use of JPEG 2000, the new still-image
compression standard from the Joint Photographic Experts Group (JPEG).

Security issues fixed with this release:

CVE-2016-5139
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c
in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116,
allow remote attackers to cause a denial of service (heap-based buffer
overflow) or possibly have unspecified other impact via crafted JPEG
2000 data.
CVE-2016-5158
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c
in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on
Windows and OS X and before 53.0.2785.92 on Linux, allow remote
attackers to cause a denial of service (heap-based buffer overflow) or
possibly have unspecified other impact via crafted JPEG 2000 data.
CVE-2016-5159
Multiple integer overflows in OpenJPEG, as used in PDFium in Google
Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92
on Linux, allow remote attackers to cause a denial of service
(heap-based buffer overflow) or possibly have unspecified other impact
via crafted JPEG 2000 data that is mishandled during
opj_aligned_malloc calls in dwt.c and t1.c.
CVE-2016-7163
Integer overflow in the opj_pi_create_decode function in pi.c in
OpenJPEG allows remote attackers to execute arbitrary code via a
crafted JP2 file, which triggers an out-of-bounds read or write.
CVE-2016-9675
openjpeg: A heap-based buffer overflow flaw was found in the patch for
CVE-2013-6045. A crafted j2k image could cause the application to
crash, or potentially execute arbitrary code.