1658791 – (CVE-2018-19542) CVE-2018-19542 jasper: invalid access in jp2_decode in libjasper/jp2/jp2_dec.c

Bug 1658791 (CVE-2018-19542) - CVE-2018-19542 jasper: invalid access in jp2_decode in libjasper/jp2/jp2_dec.c

Summary: CVE-2018-19542 jasper: invalid access in jp2_decode in libjasper/jp2/jp2_dec.c

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-19542
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1658792 1658793 1658794 1660966 1660971 1660976
Blocks:	1658799
TreeView+	depends on / blocked

Reported:	2018-12-12 20:50 UTC by Laura Pardo
Modified:	2021-10-27 03:21 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-27 03:21:58 UTC
Embargoed:

Attachments	(Terms of Use)

Description Laura Pardo 2018-12-12 20:50:49 UTC

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. 


References:
https://github.com/mdadams/jasper/issues/182

Comment 1 Laura Pardo 2018-12-12 20:51:14 UTC

Created jasper tracking bugs for this issue:

Affects: fedora-all [bug 1658792]


Created mingw-jasper tracking bugs for this issue:

Affects: epel-7 [bug 1658794]
Affects: fedora-all [bug 1658793]

Comment 2 Stefan Cornelius 2018-12-19 16:59:06 UTC

Not really a NULL ptr deref, but it can end up using garbage memory and the outcome can look like it is

Note You need to log in before you can comment on or make changes to this bug.