Integer overflow in the opj_pi_create_decode function in pi.c in libopenjpeg-dev allows remote attackers to execute arbitrary code via a crafted JP2 file,which triggers an out-of-bounds read or write.