Divide by zero vulnerability was found in jpc_dec_process_siz triggered by invoking imginfo command on sp ecially crafted file. Upstream patch: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 CVE assignment: http://www.openwall.com/lists/oss-security/2016/10/16/14
Created mingw-jasper tracking bugs for this issue: Affects: fedora-all [bug 1385517] Affects: epel-7 [bug 1385519]
Created jasper tracking bugs for this issue: Affects: fedora-all [bug 1385516] Affects: epel-5 [bug 1385518]
Merging CVE-2016-8691 and CVE-2016-8692 issues into a single bug, as they really should have got a single CVE id. *** This bug has been marked as a duplicate of bug 1385502 ***