The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."
Gentoo Linux Security Advisory 201206-6 - A vulnerability in OpenJPEG could result in execution of arbitrary code. Versions less than 1.5.0 are affected.