summaryrefslogtreecommitdiff
path: root/package/jasper/0008-fix-CVE-2016-2116.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/jasper/0008-fix-CVE-2016-2116.patch')
-rw-r--r--package/jasper/0008-fix-CVE-2016-2116.patch18
1 files changed, 18 insertions, 0 deletions
diff --git a/package/jasper/0008-fix-CVE-2016-2116.patch b/package/jasper/0008-fix-CVE-2016-2116.patch
new file mode 100644
index 000000000..1ceb3952c
--- /dev/null
+++ b/package/jasper/0008-fix-CVE-2016-2116.patch
@@ -0,0 +1,18 @@
+Description: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf()
+Author: Tyler Hicks <tyhicks () canonical com>
+
+From: http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-2116.patch
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+--- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_icc.c
++++ jasper-1.900.1-debian1/src/libjasper/base/jas_icc.c
+@@ -1693,6 +1693,8 @@ jas_iccprof_t *jas_iccprof_createfrombuf
+ jas_stream_close(in);
+ return prof;
+ error:
++ if (in)
++ jas_stream_close(in);
+ return 0;
+ }
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-27 10:01:53 +0000