An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. References: https://github.com/mdadams/jasper/issues/182
Created jasper tracking bugs for this issue: Affects: fedora-all [bug 1658782] Created mingw-jasper tracking bugs for this issue: Affects: epel-7 [bug 1658784] Affects: fedora-all [bug 1658783]
https://github.com/mdadams/jasper/pull/198/files has the patch for CVE-2018-19540