Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
jasper.32090
jasper-CVE-2016-9396.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File jasper-CVE-2016-9396.patch of Package jasper.32090
From a10536d5f7f3164b0a1f1ae3e533f4a12ca6f543 Mon Sep 17 00:00:00 2001 From: Max Kellermann <max.kellermann@gmail.com> Date: Fri, 6 Oct 2017 19:15:22 +0200 Subject: [PATCH] jpc_cs: reject all but JPC_COX_INS and JPC_COX_RFT Fixes assertion failure JPC_NOMINALGAIN() which can be caused by a crafted JP2 file. Closes #50, #142 --- src/libjasper/jpc/jpc_cs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libjasper/jpc/jpc_cs.c b/src/libjasper/jpc/jpc_cs.c index f863b69..cec0c75 100644 --- a/src/libjasper/jpc/jpc_cs.c +++ b/src/libjasper/jpc/jpc_cs.c @@ -795,6 +795,9 @@ static int jpc_cox_getcompparms(jpc_ms_t *ms, jpc_cstate_t *cstate, if (compparms->numdlvls > 32) { goto error; } + if (compparms->qmfbid != JPC_COX_INS && + compparms->qmfbid != JPC_COX_RFT) + goto error; compparms->numrlvls = compparms->numdlvls + 1; if (compparms->numrlvls > JPC_MAXRLVLS) { goto error; -- 2.16.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor