Debian Bug report logs - #413041
jasper: Heap corruption on malformed image input.

Package: libjasper-1.701-1; Maintainer for libjasper-1.701-1 is (unknown);

Reported by: Sami Liedes <>

Date: Thu, 1 Mar 2007 03:42:01 UTC

Severity: grave

Tags: etch, patch, sarge, security

Fixed in version jasper/1.900.1-3

Done: Roland Stigge <>

Bug is archived. No further changes may be made.

Message #88 received at (full text, mbox):

Date: Fri, 6 Apr 2007 01:40:40 +0200
From: Sam Hocevar <>
Subject: Re: bug reproduces in standalone jasper
[Message part 1 (text/plain, inline)]
tag 413041 +patch

On Tue, Mar 27, 2007, wrote:

> I don't know what went wrong the first time, I tried
> again and Electric Fence found it.  Please test.
> "It works for me" on both broken2.jp2 and broken4.jp2.

   Your patch works, with all broken*.jp2 files. Here is a slightly
better one that checks the numstepsizes value a bit before and returns
an error instead of using assert().

[patch-libjasper-stepsizes-overflow.diff (text/x-diff, attachment)]
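
The check described in this message, as an added C example that is not the attached patch or libjasper code: a count derived from untrusted input is validated before any write into a fixed-size array, and the parser returns an error instead of relying on assert(). The segment layout, `MAX_STEPSIZES`, `qnt_params_t` and `parse_stepsizes` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_STEPSIZES 97 /* constructed capacity, not a libjasper constant */

/* Hypothetical decoded form of a quantization segment. */
typedef struct {
    int numstepsizes;
    uint16_t stepsizes[MAX_STEPSIZES];
} qnt_params_t;

/*
 * Assumed layout: 1 style byte, then big-endian 16-bit step sizes.
 * The count comes from the attacker-controlled segment length, so it is
 * validated before the first write. Returns 0 on success, -1 on malformed
 * input; *out is left untouched on failure.
 */
int parse_stepsizes(const uint8_t *seg, size_t len, qnt_params_t *out)
{
    if (seg == NULL || out == NULL || len < 1)
        return -1;
    size_t payload = len - 1;
    if (payload % 2 != 0)
        return -1;                 /* truncated 16-bit value */
    size_t n = payload / 2;
    /* An assert() here would be compiled out under -DNDEBUG and would
     * abort the whole process otherwise; a hostile file gets an error. */
    if (n > MAX_STEPSIZES)
        return -1;
    for (size_t i = 0; i < n; i++)
        out->stepsizes[i] = (uint16_t)((seg[1 + 2 * i] << 8) | seg[2 + 2 * i]);
    out->numstepsizes = (int)n;
    return 0;
}

int main(void)
{
    /* Constructed inputs: three step sizes, then one more than fits. */
    uint8_t ok[] = {0x00, 0x12, 0x34, 0x00, 0x01, 0xff, 0xff};
    uint8_t big[1 + 2 * (MAX_STEPSIZES + 1)] = {0};
    qnt_params_t p = {0};
    printf("ok  -> %d\n", parse_stepsizes(ok, sizeof ok, &p));
    printf("big -> %d\n", parse_stepsizes(big, sizeof big, &p));
    return 0;
}
```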

Debian bug tracking system administrator <>. Last modified: Thu Apr 17 20:02:38 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.