A boundary error in the NCSEcw.dll module when decompressing Enhanced Compressed Wavelet images can be exploited to cause a heap-based buffer overflow via a specially crafted ECW file. Proof of concept included.
2b805ba8e0fb396319306ee83628841d7255eb906f045dd4b7bcf89a37a9e721