The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | v25.03 version |
| n/a | n/a | <= 6.5.* |