File jasper-CVE-2018-19541.patch of Package jasper

Index: jasper-version-2.0.16/src/libjasper/jp2/jp2_cod.c
===================================================================
--- jasper-version-2.0.16.orig/src/libjasper/jp2/jp2_cod.c
+++ jasper-version-2.0.16/src/libjasper/jp2/jp2_cod.c
@@ -855,6 +855,12 @@ static int jp2_pclr_getdata(jp2_box_t *b
 	  jp2_getuint8(in, &pclr->numchans)) {
 		return -1;
 	}
+
+	// verify in range data as per I.5.3.4 - Palette box
+	if (pclr->numchans < 1 || pclr->numlutents < 1 || pclr->numlutents > 1024) {
+		return -1;
+	}
+	
 	lutsize = pclr->numlutents * pclr->numchans;
 	if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t)))) {
 		return -1;
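Review bot: The added range check in jp2_pclr_getdata rejects a malformed palette box silently and with bare literals, so neither a later reader nor someone triaging a refused file can tell which field was out of range or where 1024 comes from. I would name the bound, for example `#define JP2_PCLR_MAXLUTENTS 1024` (the name is only a suggestion), and expand the comment to something like `/* I.5.3.4: numlutents must be 1..1024 and numchans at least 1; a zero count would leave lutdata empty for later palette lookups */`. numchans appears to be filled by jp2_getuint8 and so should not exceed 255, which keeps `lutsize` small, but that is worth stating next to the check rather than leaving implicit. The added blank line after the closing brace carries a stray tab. The function starts and ends outside this hunk, so whether the later error paths release lutdata cannot be judged from here.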