An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1658782]
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1658784]
Affects: fedora-all [bug 1658783]
https://github.com/mdadams/jasper/pull/198/files has the patch for CVE-2018-19540