A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.
The OpenJpeg library is a reference implementation of JPEG2000 standard and is used by many popular PDF renderers. Most notably Poppler, MuPDF and Pdfium.
Due to an error while parsing mcc records in the jpeg2000 file, out of bounds memory can be accessed resulting in an erroneous read and write of adjacent heap area memory. Careful manipulation of heap layout and can lead to further heap metadata process memory corruption ultimately leading to code execution under attacker control.