mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

jasper: patch CVE-2023-51257

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-51257

Pick the patch that's marked to solve the issue linked in the
nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2025-11-23 18:43:06 +01:00
parent 89e6b49f2d
commit 163eb9faca
2 changed files with 43 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch
+40
View File
@@ -0,0 +1,40 @@
From b19a51001e681d6c4bbc32b43bd425dee7f2caff Mon Sep 17 00:00:00 2001
From: Michael Adams <mdadams@ece.uvic.ca>
Date: Thu, 14 Dec 2023 19:04:19 -0800
Subject: [PATCH] Fixes #367.
Fixed an integer-overflow bug in the ICC profile parsing code.
Added another invalid image to the test set.
CVE: CVE-2023-51257
Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/libjasper/base/jas_icc.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/libjasper/base/jas_icc.c b/src/libjasper/base/jas_icc.c
index 905b823..7e69bd4 100644
--- a/src/libjasper/base/jas_icc.c
+++ b/src/libjasper/base/jas_icc.c
@@ -1295,10 +1295,20 @@ static int jas_icctxt_input(jas_iccattrval_t *attrval, jas_stream_t *in,
{
jas_icctxt_t *txt = &attrval->data.txt;
txt->string = 0;
+ /* The string must at least contain a single null character. */
+ if (cnt < 1) {
+ goto error;
+ }
if (!(txt->string = jas_malloc(cnt)))
goto error;
if (jas_stream_read(in, txt->string, cnt) != cnt)
goto error;
+ /* Ensure that the string is null terminated. */
+ if (txt->string[cnt - 1] != '\0') {
+ goto error;
+ }
+ /* The following line is redundant, unless we do not enforce that
+ the last character must be null. */
txt->string[cnt - 1] = '\0';
if (strlen(txt->string) + 1 != cnt)
goto error;
meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
+3 -1
View File
@@ -3,7 +3,9 @@ HOMEPAGE = "https://jasper-software.github.io/jasper/"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb"
SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master"
SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master \
file://CVE-2023-51257.patch \
"
SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
CVE_CHECK_IGNORE += "\