Bug 1565333 (CVE-2018-9252)
Summary: | CVE-2018-9252 jasper: reachable assertion in jpc_abstorelstepsize() in jpc_enc.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | bmcclain, cfergeau, eedri, erik-fedora, jpopelka, jridky, lsurette, mgoldboi, michal.skrivanek, mike, rh-spice-bugs, rjones, sbonazzo, sherold, srevivo, ykaul |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | jasper 2.0.17 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-21 20:00:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1565334, 1565335, 1565336, 1565337, 1583042 | ||
Bug Blocks: | 1565338 |
Description
Laura Pardo
2018-04-09 20:46:15 UTC
Created mingw-jasper tracking bugs for this issue: Affects: fedora-all [bug 1565335] Created jasper tracking bugs for this issue: Affects: fedora-all [bug 1565334] Created mingw-jasper tracking bugs for this issue: Affects: epel-7 [bug 1565337] See also CVE-2018-9055 (bug 1561699), which is another assertion failure in the same call chain, strongly related to this one. Statement: The following products are now in Extended Life Phase of the support and maintenance life cycle. * Red Hat Enterprise Linux 5 * Red Hat Enterprise Virtualization 3 The following products are now in Maintenance Phase 2 of the support and maintenance life cycle. * Red Hat Enterprise Linux 6 This issue is not currently planned to be addressed in future updates of these products. For additional information, please refer to the Life Cycle and Update Policies: https://access.redhat.com/support/policy/update_policies/ This problem is reproducible even in old version such as 1.900.2. The issue remains unfixed in the latest upstream version 2.0.14. This assertion is triggered during image encoding, e.g. when converting a specially-crafted image to a different format using jasper. This lowers impact of this issue. Upstream commit: https://github.com/jasper-software/jasper/commit/6cd1e1d8aff56d0d86d4e7d1e7e3e4dd1c64b55d The issue was fixed upstream in jasper 2.0.17. |