A vulnerability was found in the way the JasPer's jpc_pi_nextcprl() function parses certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
Report with the reproducer attached:
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1298137]
Affects: fedora-all [bug 1298139]
Created jasper tracking bugs for this issue:
Affects: epel-5 [bug 1298136]
Affects: fedora-all [bug 1298138]
jasper-1.900.1-33.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
jasper-1.900.1-33.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Fix was integrated upstream in version 1.900.2:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:1208 https://access.redhat.com/errata/RHSA-2017:1208