File jasper-CVE-2018-18873.patch of Package jasper.18194

Index: jasper-1.900.14/src/libjasper/ras/ras_enc.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/ras/ras_enc.c
+++ jasper-1.900.14/src/libjasper/ras/ras_enc.c
@@ -232,6 +232,11 @@ static int ras_putdatastd(jas_stream_t *
 
 	assert(numcmpts <= 3);
 
+	if (RAS_ISRGB(hdr) && numcmpts < 3) {
+		/* need 3 components for RGB */
+		return -1;
+	}
+
 	for (i = 0; i < 3; ++i) {
 		data[i] = 0;
 	}
openSUSE Build Service is sponsored by