A memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier was found, allowing remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
1685 jas_iccprof_t *jas_iccprof_createfrombuf(uchar *buf, int len)
1686 {
1687     jas_stream_t *in;
1688     jas_iccprof_t *prof;
1689     if (!(in = jas_stream_memopen(JAS_CAST(char *, buf), len)))
1690         goto error;
1691     if (!(prof = jas_iccprof_load(in)))
1692         goto error;    /* 'in' is still open on this path */
1693     jas_stream_close(in);
1694     return prof;
1695 error:
1696     return 0;
1697 }
The jas_stream_t allocated by the call to jas_stream_memopen() is leaked if jas_iccprof_load() fails on line 1691.
Public via (contains crash report):
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1314474]
Affects: epel-7 [bug 1314476]
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1314473]
Affects: epel-5 [bug 1314475]
jasper-1.900.1-33.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
jasper-1.900.1-33.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Fix was integrated upstream in version 1.900.2:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:1208 https://access.redhat.com/errata/RHSA-2017:1208
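The leak pattern described in this report next to a corrected cleanup path, as an added C example that is neither JasPer's code nor the upstream patch. The stream and profile types, the 8-slot pool standing in for available memory, and the toy loader are hypothetical stand-ins constructed for illustration.

```c
#include <string.h>
/* Stand-ins for jas_stream_t / jas_iccprof_t (hypothetical, not JasPer's API). */
typedef struct { const unsigned char *buf; int len; int used; } stream_t;
typedef struct { int len; } prof_t;
#define POOL 8 /* constructed limit standing in for available memory */
static stream_t pool[POOL];
static int open_count; /* streams opened and not yet closed */

static stream_t *stream_memopen(const unsigned char *buf, int len) {
    for (int i = 0; i < POOL; i++)
        if (!pool[i].used) {
            pool[i] = (stream_t){ buf, len, 1 };
            open_count++;
            return &pool[i];
        }
    return NULL; /* nothing left to allocate */
}
static void stream_close(stream_t *s) { s->used = 0; open_count--; }
int streams_open(void) { return open_count; }
/* Toy loader: accepts only buffers starting with "prof" (not real ICC parsing). */
static prof_t *prof_load(stream_t *in) {
    static prof_t p;
    if (in->len < 4 || memcmp(in->buf, "prof", 4) != 0) return NULL;
    p.len = in->len;
    return &p;
}
/* Control flow of the reported function: the second goto skips the close. */
prof_t *createfrombuf_leaky(const unsigned char *buf, int len) {
    stream_t *in;
    prof_t *prof;
    if (!(in = stream_memopen(buf, len))) goto error;
    if (!(prof = prof_load(in))) goto error;
    stream_close(in);
    return prof;
error:
    return 0;
}
/* Corrected cleanup: the error path closes the stream if it was opened. */
prof_t *createfrombuf_fixed(const unsigned char *buf, int len) {
    stream_t *in = NULL;
    prof_t *prof;
    if (!(in = stream_memopen(buf, len))) goto error;
    if (!(prof = prof_load(in))) goto error;
    stream_close(in);
    return prof;
error:
    if (in) stream_close(in);
    return 0;
}
int main(void) { /* every rejected buffer keeps one stream open */
    for (int i = 0; i < POOL; i++) createfrombuf_leaky((const unsigned char *)"junk", 4);
    return streams_open() == POOL ? 0 : 1;
}
```

Once the leaky variant has rejected POOL buffers, even a well-formed profile can no longer be loaded, which is the memory-consumption denial of service the report describes.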