jasper: patch CVE-2025-8836

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8836

Pick the patch that is referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
2025-11-23 18:43:08 +01:00
parent 95ecb0c563
commit 42058c8120
2 changed files with 79 additions and 0 deletions
@@ -0,0 +1,78 @@
From 0e045908b1fec6748688cbc13bd3dc3703ddb17e Mon Sep 17 00:00:00 2001
From: Michael Adams <mdadams@ece.uvic.ca>
Date: Sat, 2 Aug 2025 18:00:39 -0700
Subject: [PATCH] Fixes #401.
JPEG-2000 (JPC) Encoder:
- Added some missing range checking on several coding parameters
(e.g., precint width/height and codeblock width/height).
CVE: CVE-2025-8836
Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/79185d32d7a444abae441935b20ae4676b3513d4]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/libjasper/jpc/jpc_enc.c | 30 ++++++++++++++++++++++++------
src/libjasper/jpc/jpc_t2dec.c | 3 ++-
2 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
index 93013f9..c957e3f 100644
--- a/src/libjasper/jpc/jpc_enc.c
+++ b/src/libjasper/jpc/jpc_enc.c
@@ -474,18 +474,36 @@ static jpc_enc_cp_t *cp_create(const char *optstr, jas_image_t *image)
cp->tileheight = atoi(jas_tvparser_getval(tvp));
break;
case OPT_PRCWIDTH:
- prcwidthexpn = jpc_floorlog2(atoi(jas_tvparser_getval(tvp)));
+ i = atoi(jas_tvparser_getval(tvp));
+ if (i <= 0) {
+ jas_eprintf("invalid precinct width (%d)\n", i);
+ goto error;
+ }
+ prcwidthexpn = jpc_floorlog2(i);
break;
case OPT_PRCHEIGHT:
- prcheightexpn = jpc_floorlog2(atoi(jas_tvparser_getval(tvp)));
+ i = atoi(jas_tvparser_getval(tvp));
+ if (i <= 0) {
+ jas_eprintf("invalid precinct height (%d)\n", i);
+ goto error;
+ }
+ prcheightexpn = jpc_floorlog2(i);
break;
case OPT_CBLKWIDTH:
- tccp->cblkwidthexpn =
- jpc_floorlog2(atoi(jas_tvparser_getval(tvp)));
+ i = atoi(jas_tvparser_getval(tvp));
+ if (i <= 0) {
+ jas_eprintf("invalid code block width (%d)\n", i);
+ goto error;
+ }
+ tccp->cblkwidthexpn = jpc_floorlog2(i);
break;
case OPT_CBLKHEIGHT:
- tccp->cblkheightexpn =
- jpc_floorlog2(atoi(jas_tvparser_getval(tvp)));
+ i = atoi(jas_tvparser_getval(tvp));
+ if (i <= 0) {
+ jas_eprintf("invalid code block height (%d)\n", i);
+ goto error;
+ }
+ tccp->cblkheightexpn = jpc_floorlog2(i);
break;
case OPT_MODE:
if ((tagid = jas_taginfo_nonull(jas_taginfos_lookup(modetab,
diff --git a/src/libjasper/jpc/jpc_t2dec.c b/src/libjasper/jpc/jpc_t2dec.c
index e52b549..6e1f1f7 100644
--- a/src/libjasper/jpc/jpc_t2dec.c
+++ b/src/libjasper/jpc/jpc_t2dec.c
@@ -337,7 +337,8 @@ static int jpc_dec_decodepkt(jpc_dec_t *dec, jas_stream_t *pkthdrstream, jas_str
const unsigned n = JAS_MIN((unsigned)numnewpasses, maxpasses);
mycounter += n;
numnewpasses -= n;
- if ((len = jpc_bitstream_getbits(inb, cblk->numlenbits + jpc_floorlog2(n))) < 0) {
+ if ((len = jpc_bitstream_getbits(inb,
+ cblk->numlenbits + jpc_floorlog2(n))) < 0) {
jpc_bitstream_close(inb);
return -1;
}
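Review bot: The four new guards in cp_create (OPT_PRCWIDTH, OPT_PRCHEIGHT, OPT_CBLKWIDTH, OPT_CBLKHEIGHT) reject only `i <= 0`, and `i` still comes from `atoi`, which cannot report an out-of-range option string, so an overlong digit string is undefined behaviour before the check runs. Parsing with `strtol` and testing the end pointer, `errno` and an upper limit would close that gap, e.g. with `s` as the option value: `long v = strtol(s, &end, 10); if (end == s || *end != '\0' || errno == ERANGE || v <= 0 || v > INT_MAX) goto error;`. Whether the exponents returned by jpc_floorlog2 are range-checked later is not visible here, because cp_create starts and ends outside the hunk. As this file is a backport, such a change would need to go upstream first so the local patch does not diverge.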
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb"
SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master \
file://CVE-2023-51257.patch \
file://CVE-2025-8835.patch \
file://CVE-2025-8836.patch \
"
SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"