File jasper-CVE-2018-18873.patch of Package jasper
Index: jasper-2.0.14/src/libjasper/ras/ras_enc.c =================================================================== --- jasper-2.0.14.orig/src/libjasper/ras/ras_enc.c +++ jasper-2.0.14/src/libjasper/ras/ras_enc.c @@ -232,6 +232,11 @@ static int ras_putdatastd(jas_stream_t * assert(numcmpts <= 3); + if (RAS_ISRGB(hdr) && numcmpts < 3) { + /* need 3 components for RGB */ + return -1; + } + for (i = 0; i < 3; ++i) { data[i] = 0; }