The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows
remote attackers to cause a denial of service (memory corruption) and
possibly execute arbitrary code via crafted tile information in a Gray16
TIFF image, which causes insufficient memory to be allocated and leads to
an "invalid free."
Updated: 2016-03-23 03:35:30 UTC (commit 10817)