Bug 2258400 (CVE-2023-51257)

Summary: CVE-2023-51257 jasper: Invalid memory write
Product: [Other] Security Response Reporter: Rohit Keshri <rkeshri>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw in jasper was discovered where an invalid memory write occurred due to the absence of a proper range check in the JPC encoder.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2258402, 2258403    
Bug Blocks: 2258399    

Description Rohit Keshri 2024-01-15 05:55:01 UTC 
A flaw was found due to invalid memory write in jasper due to missing range check in the JPC encoder.

Refer:
https://bugs.gentoo.org/922075
Comment 1 Rohit Keshri 2024-01-15 05:56:48 UTC 
Created jasper tracking bugs for this issue:

Affects: fedora-all [bug 2258402]


Created mingw-jasper tracking bugs for this issue:

Affects: fedora-all [bug 2258403]
Comment 3 Sandipan Roy 2024-01-18 06:53:33 UTC 
https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a