There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a denial of service attack.
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1434464]
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1434465]
Affects: fedora-all [bug 1434467]
Reported upstream now via:
There is no bug in jas_strdup() as originally claimed, and only a fairly minor issue in the imginfo tool related to jas_strdup(), as the tool does not de-init Jasper library properly on errors. That does not really matter, as the program exits immediately.
The real problem seems to be a lack of proper release of memory used to store image tile data when image decoding fails. There's also an open merge request upstream that aims to address this problem by calling jpc_dec_tilefini() from jpc_dec_destroy():
However, the problem remains unfixed in the current upstream version 2.0.14.
The issue was fixed upstream in jasper 2.0.17.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):