From 4f1f7f89f5ca3ea315a55ad16abdaaa3bdac79a5 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 18 Sep 2025 10:27:47 +0530 Subject: [PATCH] fix: CVE-2025-53644 OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-53644 Upstream-patch: https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466 Signed-off-by: Praveen Kumar Signed-off-by: Gyorgy Sarvari --- .../opencv/opencv/CVE-2025-53644.patch | 29 +++++++++++++++++++ .../recipes-support/opencv/opencv_4.11.0.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta-oe/recipes-support/opencv/opencv/CVE-2025-53644.patch diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2025-53644.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2025-53644.patch new file mode 100644 index 0000000000..671e91b616 --- /dev/null +++ b/meta-oe/recipes-support/opencv/opencv/CVE-2025-53644.patch 
@@ -0,0 +1,29 @@ +From a39db41390de546d18962ee1278bd6dbb715f466 Mon Sep 17 00:00:00 2001 +From: Alexander Smorkalov +Date: Tue, 13 May 2025 08:56:14 +0300 +Subject: [PATCH] Cherry-pick OpenJPEG deconding status fix. + +CVE: CVE-2025-53644 + +Upstream-Status: Backport [https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466] + +Signed-off-by: Praveen Kumar +--- + 3rdparty/openjpeg/openjp2/jp2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/3rdparty/openjpeg/openjp2/jp2.c b/3rdparty/openjpeg/openjp2/jp2.c +index 6015190e1f..ab868bd7c1 100644 +--- a/3rdparty/openjpeg/openjp2/jp2.c ++++ b/3rdparty/openjpeg/openjp2/jp2.c +@@ -2869,7 +2869,7 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream, + p_image, + p_manager); + +- if (p_image && *p_image) { ++ if (ret && p_image && *p_image) { + /* Set Image Color Space */ + if (jp2->enumcs == 16) { + (*p_image)->color_space = OPJ_CLRSPC_SRGB; +-- +2.40.0 diff --git a/meta-oe/recipes-support/opencv/opencv_4.11.0.bb b/meta-oe/recipes-support/opencv/opencv_4.11.0.bb index 61dc681a39..22760551aa 100644 --- a/meta-oe/recipes-support/opencv/opencv_4.11.0.bb +++ b/meta-oe/recipes-support/opencv/opencv_4.11.0.bb @@ -35,6 +35,7 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv;branch=4.x;protocol=ht file://0008-Do-not-embed-build-directory-in-binaries.patch \ file://0001-core-fixed-VSX-intrinsics-implementation.patch \ file://0001-FROMLIST-Switch-to-static-instance-of-FastCV-on-Linux.patch \ + file://CVE-2025-53644.patch \ " SRC_URI:append:riscv64 = " file://0001-Use-Os-to-compile-tinyxml2.cpp.patch;patchdir=contrib"
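Review bot: In the jp2.c hunk of the added CVE-2025-53644.patch, the new guard `if (ret && p_image && *p_image)` only skips the colour-space assignment when `ret` is false; the visible context does not show `*p_image` being cleared or released on that path. Please confirm against the full opj_jp2_read_header() that a failed read cannot hand a stale or uninitialized image pointer back to the caller, since that is the condition the commit message describes. It would also help to say in the commit message that the fix is in the bundled OpenJPEG (JPEG 2000) reader, 3rdparty/openjpeg/openjp2/jp2.c, because the description mentions only "crafted JPEG images".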
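Review bot: In the opencv_4.11.0.bb hunk, the new `file://CVE-2025-53644.patch \` entry patches 3rdparty/openjpeg/openjp2/jp2.c, so it only changes the shipped binary if this recipe compiles OpenCV's bundled OpenJPEG copy. Please confirm that it does; if the recipe links a system OpenJPEG instead, the patch still applies cleanly but has no effect on the built library, and the fix would need to be tracked in that package. Leaving out `patchdir` looks right here, since the patched path is in the main opencv tree, unlike the riscv64 entry below that uses `patchdir=contrib`.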