Closed jubalh closed 4 years ago
The index v of lutents[v] will be negative if numlutents is smaller than 1. This causes the heap-based buffer overflow because the lutents[] starts at 0.
Regards CVE-2018-19541. Regards #182 bug#1 Fix by Markus Koschany apo@debian.org. From https://gist.github.com/apoleon/3e9d4e86c51d16c7e551a1cc538528b9
This patch can cause segfaults in some cases. https://github.com/mdadams/jasper/pull/211 is the proper fix for this CVE.
The index v of lutents[v] will be negative if numlutents is smaller than 1. This causes the heap-based buffer overflow because the lutents[] starts at 0.
Regards CVE-2018-19541. Regards #182 bug#1 Fix by Markus Koschany apo@debian.org. From https://gist.github.com/apoleon/3e9d4e86c51d16c7e551a1cc538528b9