A vulnerability was found in jasper. A crafted file could cause a crash via invalid exponent shift.
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1406409]
Created jasper tracking bugs for this issue:
Affects: epel-5 [bug 1406406]
Upstream bug report:
This issue has not been resolved upstream yet (the current upstream version is 2.0.12).
Relevant information from the advisory:
With the undefined behavior sanitizer enabled, jasper crashes showing some left shift and some signed integer overflow.
Affected version / Tested on: 1.900.17
Fixed version: N/A
Commit fix: N/A
Relevant part of the stacktrace:
# imginfo -f $FILE
/tmp/portage/media-libs/jasper-1.900.17/work/jasper-1.900.17/src/libjasper/jpc/jpc_dec.c:1819:40: runtime error: shift exponent 117 is too large for 64-bit type 'jpc_fix_t' (aka 'long')
The important information form the advisory is that this crash only occurs when jasper is compiles with undefined behaviour sanitizer (ubsan) enabled. That is a development tool aimed to identify possible code bugs related to undefined behaviour. There is no crash as described by this CVE in builds not using ubsan.