A heap buffer overflow vulnerability was found in the QMFB code of the JPC codec, caused by a buffer being allocated with too small a size.

Upstream bugs:
https://github.com/mdadams/jasper/issues/93
https://github.com/mdadams/jasper/issues/94

Upstream patch:
https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a
Acknowledgments: Name: Liu Bingchang (IIE)
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1399169]
Affects: epel-7 [bug 1399171]
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1399168]
Affects: epel-5 [bug 1399170]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:1208 https://access.redhat.com/errata/RHSA-2017:1208