The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free."
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | < 524f29d78c9bdeb49f31f5b0376a07d2fc5cf563 |