This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is a part of the JPEG 2000 module. A malformed JPEG 200 input code stream leads to flawed quantization computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. |