helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

openjpeg: patch CVE-2023-39327

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327

Take the patch that is used by OpenSUSE to mitigate this vulnerability.
Upstream seems to be unresponsive to this issue.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2026-02-23 20:18:44 +01:00 committed by Khem Raj
parent 1f70d339eb
commit f059dcebc3
No known key found for this signature in database
GPG Key ID: BB053355919D3314
2 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch Normal file
View File

@ -0,0 +1,50 @@
From a3504b2484cf7443c547037511c40f59aff8ae5a Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Mon, 23 Feb 2026 17:22:18 +0100
Subject: [PATCH] CVE-2023-39327
This patch fixes CVE-2023-39327.
This patch comes from OpenSuse:
https://build.opensuse.org/projects/openSUSE:Factory/packages/openjpeg2/files/openjpeg2-cve-2023-39327-limit-iterations.patch
Upstream seems to unresponsive to this vulnerability.
Upstream-Status: Inactive-Upstream [inactive, when it comes to CVEs]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/lib/openjp2/t2.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
index 4e8cf601..ad39cd74 100644
--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
@@ -441,6 +441,8 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
* and no l_img_comp->resno_decoded are computed
*/
OPJ_BOOL* first_pass_failed = NULL;
+ OPJ_UINT32 l_packet_count = 0;
+ OPJ_UINT32 l_max_packets = 100000;
if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) {
/* TODO ADE : add an error */
@@ -457,6 +459,17 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
while (opj_pi_next(l_current_pi)) {
OPJ_BOOL skip_packet = OPJ_FALSE;
+
+ /* CVE-2023-39327: Check for excessive packet iterations */
+ if (++l_packet_count > l_max_packets) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "Excessive packet iterations detected (>%u). Possible malformed stream.\n",
+ l_max_packets);
+ opj_pi_destroy(l_pi, l_nb_pocs);
+ opj_free(first_pass_failed);
+ return OPJ_FALSE;
+ }
+
JAS_FPRINTF(stderr,
"packet offset=00000166 prg=%d cmptno=%02d rlvlno=%02d prcno=%03d lyrno=%02d\n\n",
l_current_pi->poc.prg1, l_current_pi->compno, l_current_pi->resno,

1
meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
View File

@ -7,6 +7,7 @@ DEPENDS = "libpng tiff lcms zlib"
SRC_URI = "git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \
file://0001-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
file://CVE-2023-39327.patch \
"
SRCREV = "6c4a29b00211eb0430fa0e5e890f1ce5c80f409f"