A NULL pointer dereference flaw was found in the way openjpeg decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. Upstream bug: https://github.com/uclouvain/openjpeg/issues/863 Upstream patch: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d Note that the above patch fixes two issues: CVE-2016-9573 as well as CVE-2016-9572.
Acknowledgments: Name: Liu Bingchang (IIE)
Created mingw-openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1402721] Created mingw-openjpeg2 tracking bugs for this issue: Affects: fedora-all [bug 1402720] Created openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1402719] Created openjpeg2 tracking bugs for this issue: Affects: epel-6 [bug 1402722] Affects: fedora-all [bug 1402718]
openjpeg-1 is not affected by this issue.