The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows
remote attackers to cause a denial of service (memory corruption) and
possibly execute arbitrary code via crafted tile information in a Gray16
TIFF image, which causes insufficient memory to be allocated and leads to
an "invalid free."
Updated: 2015-07-29 20:37:31 UTC (commit 9756)