Closed YourButterfly closed 4 years ago
CVE-2018-18873 was assigned for this issue.
The data array contains a NULL pointer. A perhaps too simplistic solution could be to check whether this is the case and then either continue or goto error. At least it mitigates against this issue.
https://gist.github.com/apoleon/eb4e396b510f2bb5a925660dab09be79
cool work @apoleon
Since this project has been mostly dead for several years, we created a fork which aims to fix all vulnerabilities (of which there are many). This bug will be fixed by https://github.com/jasper-maint/jasper/pull/38 (merge pending)
An issue was discovered in Jasper 2.0.14. There is a NULL pointer dereference at function ras_putdatastd
At the site of data define , the value of "numcmpts" is 1
command line
poc.zip