Bacport of the upstream commit: From 74ea22a7a4fe186e0a0124df25e19739b77c4a29 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Mon, 19 Sep 2016 10:03:36 +0100 Subject: [PATCH] CVE-2016-1577 diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_icc.c jasper-1.900.1/src/libjasper/base/jas_icc.c --- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c 2017-03-24 13:58:54.000000000 +0100 +++ jasper-1.900.1/src/libjasper/base/jas_icc.c 2017-03-24 13:59:12.000000000 +0100 @@ -299,6 +299,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre if (jas_iccprof_setattr(prof, tagtabent->tag, attrval)) goto error; jas_iccattrval_destroy(attrval); + attrval = 0; } else { #if 0 jas_eprintf("warning: skipping unknown tag type\n");