File jasper-CVE-2014-8138.patch of Package jasper
diff -ru jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c jasper-1.900.1/src/libjasper/jp2/jp2_cod.c
--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c 2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.c 2014-12-17 11:58:58.271398603 +0100
@@ -459,7 +459,8 @@
for (channo = 0; channo < cdef->numchans; ++channo) {
chan = &cdef->ents[channo];
if (jp2_getuint16(in, &chan->channo) || jp2_getuint16(in, &chan->type) ||
- jp2_getuint16(in, &chan->assoc)) {
+ jp2_getuint16(in, &chan->assoc) ||
+ chan->channo >= cdef->numchans ) {
return -1;
}
}