| Description |
A security issue was found in jasper up to version 2.0.22. It is possible that an image processed by jasper along with crafted rlvl input could set resolution levels above max, which could cause a heap buffer overflow in the loop near tccp->prcwidthexpns[rlvlno] = prcwidthexpn; in the cp_create() routine of /src/libjasper/jpc/jpc_enc.c. Because prcwidthexpn and prcheightexpn can also be controlled by data obtained from the crafted input, it leaves potential for exploitation surrounding arbitrary writes. |