There were missing sanity checks in jpc_siz_getparms. Upstream patch: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 CVE assignment: http://seclists.org/oss-sec/2016/q4/441
Created mingw-jasper tracking bugs for this issue: Affects: fedora-all [bug 1396987] Affects: epel-7 [bug 1396989]
Created jasper tracking bugs for this issue: Affects: fedora-all [bug 1396986] Affects: epel-5 [bug 1396988]
*** This bug has been marked as a duplicate of bug 1396971 ***