Description: CVE-2014-8157: dec->numtiles off-by-one check in jpc_dec_process_sot() Origin: vendor, http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8157.patch Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179282 Bug-Debian: https://bugs.debian.org/775970 Forwarded: not-needed Author: Salvatore Bonaccorso <carnil@debian.org> Last-Update: 2015-01-22 --- a/src/libjasper/jpc/jpc_dec.c +++ b/src/libjasper/jpc/jpc_dec.c @@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t dec->curtileendoff = 0; } - if (JAS_CAST(int, sot->tileno) > dec->numtiles) { + if (JAS_CAST(int, sot->tileno) >= dec->numtiles) { jas_eprintf("invalid tile number in SOT marker segment\n"); return -1; }
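Review bot: The corrected check in jpc_dec_process_sot() still tests only the upper bound, and it does so after JAS_CAST(int, sot->tileno). The visible lines do not show the type of sot->tileno, so if that field can hold a value that becomes negative when cast to int, it would pass `>= dec->numtiles` and still be treated as a valid tile number. Either add an explicit `< 0` rejection next to this test or compare in an unsigned type. Separately, the patch touches only jpc_dec.c and the header has no note on testing. A regression input whose SOT marker carries tileno equal to numtiles would pin the boundary this change fixes. Including the offending tileno and numtiles in the jas_eprintf message would also make rejected files easier to triage.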