It was possible to trigger an assertion failure in jpc_dequantize.
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1396987]
Affects: epel-7 [bug 1396989]
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1396986]
Affects: epel-5 [bug 1396988]
Original reporter's advisory:
Relevant part of the advisory:
type = 0xff76 (UNKNOWN); len = 20;00 40 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
imginfo: /tmp/portage/media-libs/jasper-1.900.13/work/jasper-1.900.13/src/libjasper/jpc/jpc_dec.c:1817: void jpc_dequantize(jas_matrix_t *, jpc_fix_t): Assertion `absstepsize >= 0' failed.
Upstream bug report:
The reproducer does not work against recent jasper versions. However, that only seems to be a side effect of a different fix causing jasper to abort image parsing earlier, rather than actually being fixed.
Remains unfixed in 2.0.11.