mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
openjpeg: fix CVE-2024-56827
CVE-2024-56827: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-56827] [https://github.com/uclouvain/openjpeg/issues/1564] Upstream patches: [https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
+33
@@ -0,0 +1,33 @@
|
|||||||
|
From b343d72eb4c4b776b4925b441d18abf6a20b42a7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Even Rouault <even.rouault@spatialys.com>
|
||||||
|
Date: Mon, 25 Nov 2024 22:02:54 +0100
|
||||||
|
Subject: [PATCH] opj_j2k_add_tlmarker(): validate that current tile-part
|
||||||
|
number if smaller that total number of tile-parts
|
||||||
|
|
||||||
|
Fixes #1564
|
||||||
|
|
||||||
|
CVE: CVE-2024-56827
|
||||||
|
Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8]
|
||||||
|
|
||||||
|
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
|
||||||
|
---
|
||||||
|
src/lib/openjp2/j2k.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
|
||||||
|
index 8e343ab2..08f771a5 100644
|
||||||
|
--- a/src/lib/openjp2/j2k.c
|
||||||
|
+++ b/src/lib/openjp2/j2k.c
|
||||||
|
@@ -8227,7 +8227,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno,
|
||||||
|
if (type == J2K_MS_SOT) {
|
||||||
|
OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
|
||||||
|
|
||||||
|
- if (cstr_index->tile_index[tileno].tp_index) {
|
||||||
|
+ if (cstr_index->tile_index[tileno].tp_index &&
|
||||||
|
+ l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
|
||||||
|
cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.4
|
||||||
|
|
||||||
@@ -13,6 +13,7 @@ SRC_URI = " \
|
|||||||
file://CVE-2022-1122.patch \
|
file://CVE-2022-1122.patch \
|
||||||
file://CVE-2021-3575.patch \
|
file://CVE-2021-3575.patch \
|
||||||
file://0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch \
|
file://0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch \
|
||||||
|
file://0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch \
|
||||||
"
|
"
|
||||||
SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
|
SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|||||||
Reference in New Issue
Block a user