Red Hat Bugzilla – Bug 240397
CVE-2007-2721: jasper DoS, heap corruption
Last modified: 2008-09-08 08:25:56 EDT
"The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000
library (libjasper) before 1.900 allows remote user-assisted attackers to cause
a denial of service (crash) and possibly corrupt the heap via malformed image
files, as originally demonstrated using imagemagick convert."
Appears to affect 1.900.1 too.
* Wed May 23 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-2
- CVE-2007-2721 (#240397)
Built most everywhere, except F7+, pending F7 release and update mechanism.
F7 security update requested.
Queued fixed FC-5, FC-6 builds as well; I was wrong before, had only done
epel-4, epel-5 builds.