0009-fix-CVE-2016-1577.patch
692 Bytes
Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy()
Author: Tyler Hicks <tyhicks () canonical com>
Bug-Ubuntu: https://launchpad.net/bugs/1547865
From: http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
--- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_icc.c
+++ jasper-1.900.1-debian1/src/libjasper/base/jas_icc.c
@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
goto error;
jas_iccattrval_destroy(attrval);
+ attrval = 0;
} else {
#if 0
jas_eprintf("warning: skipping unknown tag type\n");