File jasper-CVE-2017-5499.patch of Package jasper.18194

Index: jasper-1.900.14/src/libjasper/jpc/jpc_cs.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/jpc/jpc_cs.c
+++ jasper-1.900.14/src/libjasper/jpc/jpc_cs.c
@@ -554,6 +554,10 @@ static int jpc_siz_getparms(jpc_ms_t *ms
 		}
 		siz->comps[i].sgnd = (tmp >> 7) & 1;
 		siz->comps[i].prec = (tmp & 0x7f) + 1;
+		if (siz->comps[i].prec > 38) {
+			jas_eprintf("invalid component bit depth %d\n", siz->comps[i].prec);
+			goto error;
+		}
 	}
 	if (jas_stream_eof(in)) {
 		goto error;
openSUSE Build Service is sponsored by