From ${URL} :

We find a vulnerability in the way JasPer's jas_matrix_create() function parsed certain JPEG 2000 image files.

jas_matrix_t *jas_matrix_create(int numrows, int numcols)
{
    .......
    if (matrix->maxrows_ > 0) {
        if (!(matrix->rows_ = jas_malloc(matrix->maxrows_ * sizeof(jas_seqent_t *)))) {
    ................

matrix->maxrows_ > 0, but matrix->maxrows_ * sizeof(jas_seqent_t *) can cause Integer overflow.

Reported by Qihoo 360 Codesafe Team

POC: https://bugzilla.redhat.com/attachment.cgi?id=1109156

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
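An added example, not part of the original report and not JasPer's code or its actual fix: with a 32-bit size_t (an assumption made here for illustration), the size expression quoted above can wrap, for example to 0 for 0x40000000 rows with 4-byte pointers, so the `maxrows_ > 0` guard passes while the allocation is undersized. The names seqent_t, matrix_t, unchecked_size32, checked_mul, matrix_create_checked and matrix_destroy are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

typedef int64_t seqent_t;  /* hypothetical element type, not JasPer's */
typedef struct { int numrows, numcols; seqent_t **rows; seqent_t *data; } matrix_t;

/* Size the unchecked expression yields when size_t is 32 bits wide
   (simulated with uint32_t so the result is identical on any host). */
uint32_t unchecked_size32(int maxrows, uint32_t elem_size) {
    return (uint32_t)maxrows * elem_size;  /* silently wraps modulo 2^32 */
}

/* Store a*b in *out and return 0, or return -1 if the product overflows. */
int checked_mul(size_t a, size_t b, size_t *out) {
    if (b != 0 && a > SIZE_MAX / b)
        return -1;
    *out = a * b;
    return 0;
}

/* Allocate a numrows x numcols matrix, refusing any dimension pair whose
   byte counts cannot be represented in size_t. */
matrix_t *matrix_create_checked(int numrows, int numcols) {
    size_t rowbytes, cells, databytes;
    if (numrows <= 0 || numcols <= 0)
        return NULL;
    if (checked_mul((size_t)numrows, sizeof(seqent_t *), &rowbytes) ||
        checked_mul((size_t)numrows, (size_t)numcols, &cells) ||
        checked_mul(cells, sizeof(seqent_t), &databytes))
        return NULL;  /* overflow: reject instead of under-allocating */
    matrix_t *m = malloc(sizeof *m);
    if (!m)
        return NULL;
    m->rows = malloc(rowbytes);
    m->data = calloc(cells, sizeof(seqent_t));
    if (!m->rows || !m->data) {
        free(m->rows); free(m->data); free(m);
        return NULL;
    }
    m->numrows = numrows; m->numcols = numcols;
    for (int i = 0; i < numrows; i++)
        m->rows[i] = m->data + (size_t)i * (size_t)numcols;
    return m;
}

void matrix_destroy(matrix_t *m) {
    if (m) { free(m->rows); free(m->data); free(m); }
}
```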
This is fixed in the latest jasper-1.900.6. We will stabilize it.
New GLSA Request filed. Arches and Maintainer(s), Thank you for your work.
This issue was resolved and addressed in GLSA 201707-07 at https://security.gentoo.org/glsa/201707-07 by GLSA coordinator Thomas Deutschmann (whissi).