Bug 1565333 (CVE-2018-9252) - CVE-2018-9252 jasper: reachable assertion in jpc_abstorelstepsize() in jpc_enc.c
Summary: CVE-2018-9252 jasper: reachable assertion in jpc_abstorelstepsize() in jpc_enc.c
Keywords:
Status: NEW
Alias: CVE-2018-9252
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1565335 1565334 1565336 1565337 1583042
Blocks: 1565338
TreeView+ depends on / blocked
 
Reported: 2018-04-09 20:46 UTC by Laura Pardo
Modified: 2021-03-23 23:38 UTC (History)
16 users (show)

Fixed In Version: jasper 2.0.17
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Laura Pardo 2018-04-09 20:46:15 UTC
A flaw was found in JasPer 2.0.14 which allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.


Reference:
https://github.com/mdadams/jasper/issues/173

Comment 1 Laura Pardo 2018-04-09 20:46:57 UTC
Created mingw-jasper tracking bugs for this issue:

Affects: fedora-all [bug 1565335]


Created jasper tracking bugs for this issue:

Affects: fedora-all [bug 1565334]


Created mingw-jasper tracking bugs for this issue:

Affects: epel-7 [bug 1565337]

Comment 3 Doran Moppert 2018-05-28 06:51:21 UTC
See also CVE-2018-9055 (bug 1561699), which is another assertion failure in the same call chain, strongly related to this one.

Comment 6 Doran Moppert 2018-05-28 06:55:29 UTC
Statement:

The following products are now in Extended Life Phase of the support and maintenance life cycle.
* Red Hat Enterprise Linux 5
* Red Hat Enterprise Virtualization 3
The following products are now in Maintenance Phase 2 of the support and maintenance life cycle.
* Red Hat Enterprise Linux 6
This issue is not currently planned to be addressed in future updates of these products.
For additional information, please refer to the Life Cycle and Update Policies:  https://access.redhat.com/support/policy/update_policies/

Comment 8 Tomas Hoger 2018-05-29 08:26:26 UTC
This problem is reproducible even in old version such as 1.900.2.  The issue remains unfixed in the latest upstream version 2.0.14.

This assertion is triggered during image encoding, e.g. when converting a specially-crafted image to a different format using jasper.  This lowers impact of this issue.

Comment 11 Tomas Hoger 2020-12-10 21:19:18 UTC
Upstream commit:

https://github.com/jasper-software/jasper/commit/6cd1e1d8aff56d0d86d4e7d1e7e3e4dd1c64b55d

The issue was fixed upstream in jasper 2.0.17.


Note You need to log in before you can comment on or make changes to this bug.