Description: CVE-2016-2116: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf() Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12 Bug-Debian: https://bugs.debian.org/816626 Forwarded: not-needed Author: Tyler Hicks Reviewed-by: Salvatore Bonaccorso Last-Update: 2016-03-05 --- a/src/libjasper/base/jas_icc.c +++ b/src/libjasper/base/jas_icc.c @@ -1693,6 +1693,8 @@ jas_iccprof_t *jas_iccprof_createfrombuf jas_stream_close(in); return prof; error: + if (in) + jas_stream_close(in); return 0; }