61e069e164
Fixes: CVE-2016-2116 - Memory leak in jas_iccprof_createfrombuf causing memory consumption. CVE-2016-1577 - Double free vulnerability in jas_iccattrval_destroy. CVE-2016-1867 - out-of-bounds read in the jpc_pi_nextcprl() function. CVE-2015-5221 - Use-after-free and double-free flaws in Jasper JPEG-2000 library. CVE-2015-5203 - double free in jasper_image_stop_load() Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
19 lines
692 B
Diff
19 lines
692 B
Diff
Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy()
|
|
Author: Tyler Hicks <tyhicks () canonical com>
|
|
Bug-Ubuntu: https://launchpad.net/bugs/1547865
|
|
|
|
From: http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch
|
|
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
|
|
|
|
--- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_icc.c
|
|
+++ jasper-1.900.1-debian1/src/libjasper/base/jas_icc.c
|
|
@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
|
|
if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
|
|
goto error;
|
|
jas_iccattrval_destroy(attrval);
|
|
+ attrval = 0;
|
|
} else {
|
|
#if 0
|
|
jas_eprintf("warning: skipping unknown tag type\n");
|