A vulnerability was found in jasper. A crafted file could cause a left shift of negative value. References: http://seclists.org/oss-sec/2017/q1/101
Created mingw-jasper tracking bugs for this issue: Affects: epel-7 [bug 1406409]
Created jasper tracking bugs for this issue: Affects: epel-5 [bug 1406406]
Upstream bug report: https://github.com/mdadams/jasper/issues/76 This issue has not been resolved upstream yet (the current upstream version is 2.0.12). Reporter's advisory: https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/ Relevant information from the advisory: With the undefined behavior sanitizer enabled, jasper crashes showing some left shift and some signed integer overflow. ... Affected version / Tested on: 1.900.17 Fixed version: N/A Commit fix: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00030-jasper-leftshift-jp2_dec_c Relevant part of the stacktrace: # imginfo -f $FILE /tmp/portage/media-libs/jasper-1.900.17/work/jasper-1.900.17/src/libjasper/jp2/jp2_dec.c:485:49: runtime error: left shift of negative value -26 CVE: CVE-2017-5502
The important information form the advisory is that this crash only occurs when jasper is compiles with undefined behaviour sanitizer (ubsan) enabled. That is a development tool aimed to identify possible code bugs related to undefined behaviour. There is no crash as described by this CVE in builds not using ubsan. ubsan findings may indicate a relevant bug, but does not seem to have any other security impact.