61e069e164
Fixes: CVE-2016-2116 - Memory leak in jas_iccprof_createfrombuf causing memory consumption. CVE-2016-1577 - Double free vulnerability in jas_iccattrval_destroy. CVE-2016-1867 - out-of-bounds read in the jpc_pi_nextcprl() function. CVE-2015-5221 - Use-after-free and double-free flaws in Jasper JPEG-2000 library. CVE-2015-5203 - double free in jasper_image_stop_load() Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
17 lines
883 B
Diff
17 lines
883 B
Diff
From: http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2016-1867.patch
|
|
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
|
|
|
|
diff -urNp jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c jasper-1.900.1.new/src/libjasper/jpc/jpc_t2cod.c
|
|
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c 2016-08-11 14:34:31.795661973 +0200
|
|
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_t2cod.c 2016-08-12 07:02:40.044860209 +0200
|
|
@@ -429,7 +429,7 @@ static int jpc_pi_nextcprl(register jpc_
|
|
}
|
|
|
|
for (pi->compno = pchg->compnostart, pi->picomp =
|
|
- &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
|
|
+ &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
|
|
++pi->picomp) {
|
|
pirlvl = pi->picomp->pirlvls;
|
|
pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
|