Red Hat Bugzilla – Bug 1472888
CVE-2017-1000050 jasper: NULL pointer exception in jp2_encode()
Last modified: 2018-06-04 16:49:55 EDT
JasPer is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1434464]
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1434465]
Affects: fedora-all [bug 1434467]
Upstream bug report:
The fix is included in version 2.0.13.
This bug is in encoder, therefore applications that only use jasper to read JPEG2000 images are not affected, it only affects applications that read untrusted images and convert them to JPEG2000 format using jasper.