diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-54874.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-54874.patch new file mode 100644 index 0000000000..187557a35c --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-54874.patch @@ -0,0 +1,44 @@ +From f809b80c67717c152a5ad30bf06774f00da4fd2d Mon Sep 17 00:00:00 2001 +From: Sebastian Rasmussen +Date: Thu, 16 Jan 2025 02:13:43 +0100 +Subject: [PATCH] opj_jp2_read_header: Check for error after parsing header. + +Consider the case where the caller has not set the p_image +pointer to NULL before calling opj_read_header(). + +If opj_j2k_read_header_procedure() fails while obtaining the rest +of the marker segment when calling opj_stream_read_data() because +the data stream is too short, then opj_j2k_read_header() will +never have the chance to initialize p_image, leaving it +uninitialized. + +opj_jp2_read_header() will check the p_image value whether +opj_j2k_read_header() suceeded or failed. This may be detected as +an error in valgrind or ASAN. + +The fix is to check whether opj_j2k_read_header() suceeded before +using the output argument p_image. + +CVE: CVE-2025-54874 +Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d] +Signed-off-by: Hitendra Prajapati +--- + src/lib/openjp2/jp2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c +index 4df055a5..da506318 100644 +--- a/src/lib/openjp2/jp2.c ++++ b/src/lib/openjp2/jp2.c +@@ -2873,7 +2873,7 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream, + p_image, + p_manager); + +- if (p_image && *p_image) { ++ if (ret && p_image && *p_image) { + /* Set Image Color Space */ + if (jp2->enumcs == 16) { + (*p_image)->color_space = OPJ_CLRSPC_SRGB; +-- +2.50.1 + diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.3.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.3.bb index 6c383e3423..fff73ee46a 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.3.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.3.bb @@ -7,6 +7,7 @@ DEPENDS = "libpng tiff lcms zlib" SRC_URI = "git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \ file://0001-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \ + file://CVE-2025-54874.patch \ " SRCREV = "210a8a5690d0da66f02d49420d7176a21ef409dc"