Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.1 allow remote attackers to cause a denial of service (application crash).
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.1 allow remote attackers to cause a denial of service (application crash).
https://github.com/uclouvain/openjpeg/pull/1168 https://github.com/uclouvain/openjpeg/commit/c277159986c80142180fbe5efb256bbf3bdf3edc https://github.com/uclouvain/openjpeg/commit/e1740e7ce79d0a1676db4da0f4189b64e85f52cb
Attempted fix in upstream commit c277159986c80142180fbe5efb256bbf3bdf3edc, which was reverted by commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb because it did not compile. The issue remains currently unfixed as of OpenJPEG 2.3.1.