An assert that can be triggered by a crafted input file was found in jpc_dec_tiledecode().
Upstream patch: https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
CVE assignment: http://seclists.org/oss-sec/2016/q4/216
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1388874]
Affects: epel-7 [bug 1388876]
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1388873]
Affects: epel-5 [bug 1388875]
Upstream bug report, including test case: https://github.com/mdadams/jasper/issues/32
Impact of this problem is limited to unexpected application termination. There is currently no plan to backport the fix to already released Red Hat Enterprise Linux versions.
Re-considering inclusion for easier future testing.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:1208 https://access.redhat.com/errata/RHSA-2017:1208