An assertion failure was used in JPC bitstream code when integer larger than what can be handled is requested.
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1396987]
Affects: epel-7 [bug 1396989]
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1396986]
Affects: epel-5 [bug 1396988]
Original reporter's advisory:
Upstream bug report:
Impact of this problem is limited to unexpected application termination. There is currently no plan to backport the fix to already released Red Hat Enterprise Linux versions.
Quoting relevant part of the original reporter's advisory for posterity:
type = 0xff05 (UNKNOWN); len = 20;01 40 40 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 imginfo: /tmp/portage/media-libs/jasper-1.900.13/work/jasper-1.900.13/src/libjasper/jpc/jpc_bs.c:197: long jpc_bitstream_getbits(jpc_bitstream_t *, int): Assertion `n >= 0 && n < 32' failed.
Re-considering inclusion for easier future testing.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:1208 https://access.redhat.com/errata/RHSA-2017:1208