A vulnerability was found in the way the JasPer's jpc_pi_nextcprl() function parses certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. Report with the reproducer attached: http://seclists.org/oss-sec/2016/q1/84
Created mingw-jasper tracking bugs for this issue: Affects: epel-7 [bug 1298137] Affects: fedora-all [bug 1298139]
Created jasper tracking bugs for this issue: Affects: epel-5 [bug 1298136] Affects: fedora-all [bug 1298138]
jasper-1.900.1-33.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
jasper-1.900.1-33.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Fix was integrated upstream in version 1.900.2: https://github.com/mdadams/jasper/commit/980da43d8d388a67cac505e734423b2a5aa4cede
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2017:1208 https://access.redhat.com/errata/RHSA-2017:1208