JasPer 2.0.13 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. Upstream issue: https://github.com/mdadams/jasper/issues/147
Created jasper tracking bugs for this issue: Affects: fedora-all [bug 1434464] Created mingw-jasper tracking bugs for this issue: Affects: epel-7 [bug 1434465] Affects: fedora-all [bug 1434467]
This issue remains unfixed in upstream version 2.0.14.
Reopenning - sorry, wrong report to close.