Fix CVE-2014-8157 (dec->numtiles off-by-one check in jpc_dec_process_sot()). Copied from Fedora. http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/jasper-CVE-2014-8157.patch https://bugzilla.redhat.com/show_bug.cgi?id=1179282 diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 jasper-1.900.1/src/libjasper/jpc/jpc_dec.c --- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 2015-01-19 16:59:36.000000000 +0100 +++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2015-01-19 17:07:41.609863268 +0100 @@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t dec->curtileendoff = 0; } - if (JAS_CAST(int, sot->tileno) > dec->numtiles) { + if (JAS_CAST(int, sot->tileno) >= dec->numtiles) { jas_eprintf("invalid tile number in SOT marker segment\n"); return -1; }