A vulnerability was found in jasper. A crafted file could cause a left shift of negative value.
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1406409]
Created jasper tracking bugs for this issue:
Affects: epel-5 [bug 1406406]
Upstream bug report:
This issue has not been resolved upstream yet (the current upstream version is 2.0.12).
Relevant information from the advisory:
With the undefined behavior sanitizer enabled, jasper crashes showing some left shift and some signed integer overflow.
Affected version / Tested on: 1.900.17
Fixed version: N/A
Commit fix: N/A
Relevant part of the stacktrace:
# imginfo -f $FILE
/tmp/portage/media-libs/jasper-1.900.17/work/jasper-1.900.17/src/libjasper/include/jasper/jas_math.h:156:11: runtime error: left shift of negative value -185
The important information form the advisory is that this crash only occurs when jasper is compiles with undefined behaviour sanitizer (ubsan) enabled. That is a development tool aimed to identify possible code bugs related to undefined behaviour. There is no crash as described by this CVE in builds not using ubsan.