File jasper-CVE-2018-19541.patch of Package jasper.11505
Index: jasper-1.900.14/src/libjasper/jp2/jp2_cod.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/jp2/jp2_cod.c
+++ jasper-1.900.14/src/libjasper/jp2/jp2_cod.c
@@ -856,6 +856,11 @@ static int jp2_pclr_getdata(jp2_box_t *b
jp2_getuint8(in, &pclr->numchans)) {
return -1;
}
+
+ // verify in range data as per I.5.3.4 - Palette box
+ if (pclr->numchans < 1 || pclr->numlutents < 1 || pclr->numlutents > 1024)
+ return -1;
+
lutsize = pclr->numlutents * pclr->numchans;
if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t)))) {
return -1;