There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a denial-of-service attack.
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1434464]
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1434465]
Affects: fedora-all [bug 1434467]
Reported upstream via:
This issue remains unfixed in the current upstream version 2.0.14.
*** Bug 1610135 has been marked as a duplicate of this bug. ***
The issue was fixed upstream in jasper 2.0.17.