Control: severity -1 important

While I understand that this generic heap-based buffer overflow ought to be fixed in Debian stable, I fail to see why it is marked as affecting stretch.
Here is what I see:

$ bin/opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i /tmp/00322-openjpeg-heapoverflow-opj_t2_encode_packet.tif -o null.j2k
CINEMA 2K profile activated
Other options specified could be overridden
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 27154 (0x6a12) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 32512 (0x7f00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 15163 (0x3b3b) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 15318 (0x3bd6) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "FillOrder"; tag ignored.
TIFFReadDirectory: Warning, TIFF directory is missing required "StripByteCounts" field, calculating from imagelength.
WARNING:
Input image bitdepth is 4 bits
TIF conversion has automatically rescaled to 12-bits
to comply with cinema profiles.
[WARNING] JPEG 2000 Profile-3 and 4 (2k/4k dc profile) requires:
1 single quality layer-> Number of layers forced to 1 (rather than 3)
opj_compress: /home/mathieu/debian/openjpeg2/sec/openjpeg2-2.1.2/src/lib/openjp2/j2k.c:6672: opj_j2k_setup_encoder: Assertion `res_spec>0' failed.
-> Rate of the last layer (1.0) will be used[1] 22262 abort bin/opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i -o null.j2k

So the code described in the bug report is not even reached. Downgrading to severity important.