Bug 1646647 (CVE-2018-18873)

Summary: CVE-2018-18873 jasper: NULL pointer dereference in ras_putdatastd() in ras_enc.c
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: abhgupta, dbaker, erik-fedora, jokerman, jpopelka, jridky, mike, rjones, sthangav, trankin
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: jasper 2.0.17 Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Jasper where, a denial of service caused by a NULL pointer dereference in the ras_putdatastd function within ras/ras_enc.c, caused by specially crafted file which can trigger this issue, leading the application to crash.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-23 13:32:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1646649, 1646650, 1646651, 1646652    
Bug Blocks: 1646653    

Description Laura Pardo 2018-11-05 19:45:00 UTC 
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. 


References:
https://github.com/mdadams/jasper/issues/184
Comment 1 Laura Pardo 2018-11-05 19:45:49 UTC 
Created jasper tracking bugs for this issue:

Affects: fedora-all [bug 1646649]


Created mingw-jasper tracking bugs for this issue:

Affects: epel-7 [bug 1646651]
Affects: fedora-all [bug 1646650]
Comment 5 Tomas Hoger 2020-04-23 12:35:53 UTC 
This affects not only versions 2.0.*, but also 1.900.*.  The problem remains unfixed in the currently latest upstream version 2.0.16.

This flaw exists in the code for writing image into the RAS (Sun Raster) format.  It does not affect the most typical uses of Jasper library to read JPEG2000 images.
Comment 7 Tomas Hoger 2020-12-11 21:51:46 UTC 
Upstream commit:

https://github.com/jasper-software/jasper/commit/12db8078ba17a8ffc5cc2429fb506988f0f11b44

Fixed upstream in jasper 2.0.17.