helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

openjpeg: fix CVE-2024-56827

Browse Source 
CVE-2024-56827:
A flaw was found in the OpenJPEG project. A heap buffer overflow
condition may be triggered when certain options are specified while
using the opj_decompress utility. This can lead to an application crash
or other undefined behavior.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-56827]
[https://github.com/uclouvain/openjpeg/issues/1564]

Upstream patches:
[e492644fbd]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Zhang Peng 2025-01-14 18:09:10 +08:00 committed by Armin Kuster
parent 3749051d29
commit 291fc3e7fc
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
meta-oe/recipes-graphics/openjpeg/openjpeg/0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch Normal file
View File

@ -0,0 +1,33 @@
From b343d72eb4c4b776b4925b441d18abf6a20b42a7 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 25 Nov 2024 22:02:54 +0100
Subject: [PATCH] opj_j2k_add_tlmarker(): validate that current tile-part
number if smaller that total number of tile-parts
Fixes #1564
CVE: CVE-2024-56827
Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
---
src/lib/openjp2/j2k.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 8e343ab2..08f771a5 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -8227,7 +8227,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno,
if (type == J2K_MS_SOT) {
OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
- if (cstr_index->tile_index[tileno].tp_index) {
+ if (cstr_index->tile_index[tileno].tp_index &&
+ l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
}
--
2.39.4

1
meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
View File

@ -13,6 +13,7 @@ SRC_URI = " \
file://CVE-2022-1122.patch \
file://CVE-2021-3575.patch \
file://0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch \
file://0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch \
"
SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
S = "${WORKDIR}/git"