A heap-based buffer overflow has been discovered in OpenJPEG in the function color_apply_icc_profile, while applying the color transformation. An application that uses OpenJPEG to parse untrusted images may be vulnerable to this flaw, which would allow an attacker to crash the application or potentially execute code.
If the application accepts untrusted images there is no known mitigation apart from applying the patch.