An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0 when the binary is built with -DBUILD_MJ2=On option. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. References: https://github.com/uclouvain/openjpeg/issues/1088 Patch: https://github.com/kbabioch/openjpeg/commit/6d8c0c06ee32dc03ba80acd48334e98728e56cf5