Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
openjpeg2 to version 2.1.2-1.1+deb9u6 or higher.