Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
openjpeg2 to version 2.1.2-1.1 or higher.