An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. References: https://github.com/mdadams/jasper/issues/182
Created jasper tracking bugs for this issue: Affects: fedora-all [bug 1658796] Created mingw-jasper tracking bugs for this issue: Affects: epel-7 [bug 1658798] Affects: fedora-all [bug 1658797]
Upstream commit: https://github.com/jasper-software/jasper/commit/839b1bcf0450ff036c28e8db40a7abf886e02891 Fixed upstream in jasper 2.0.17.