Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/78927
http://www.openwall.com/lists/oss-security/2012/02/14/4