The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows
remote attackers to cause a denial of service (memory corruption) and
possibly execute arbitrary code via crafted tile information in a Gray16
TIFF image, which causes insufficient memory to be allocated and leads to
an "invalid free."
Updated: 2015-10-17 03:34:00 UTC (commit 10086)