summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorZhang Peng <peng.zhang1.cn@windriver.com>2025-01-14 18:09:10 +0800
committerArmin Kuster <akuster808@gmail.com>2025-01-22 19:25:59 -0500
commit291fc3e7fc87ab62397b1e87c49bd79f87436235 (patch)
tree6ccb624671fe64befc3ef46f8eb0fbb8f6bf23e8
parent3749051d29bf546b0772583f4148a8000015febf (diff)
downloadmeta-openembedded-291fc3e7fc87ab62397b1e87c49bd79f87436235.tar.gz
openjpeg: fix CVE-2024-56827
CVE-2024-56827: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-56827] [https://github.com/uclouvain/openjpeg/issues/1564] Upstream patches: [https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat
-rw-r--r--meta-oe/recipes-graphics/openjpeg/openjpeg/0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch33
-rw-r--r--meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb1
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch
new file mode 100644
index 0000000000..f959a65d94
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch
@@ -0,0 +1,33 @@
1From b343d72eb4c4b776b4925b441d18abf6a20b42a7 Mon Sep 17 00:00:00 2001
2From: Even Rouault <even.rouault@spatialys.com>
3Date: Mon, 25 Nov 2024 22:02:54 +0100
4Subject: [PATCH] opj_j2k_add_tlmarker(): validate that current tile-part
5 number if smaller that total number of tile-parts
6
7Fixes #1564
8
9CVE: CVE-2024-56827
10Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8]
11
12Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
13---
14 src/lib/openjp2/j2k.c | 3 ++-
15 1 file changed, 2 insertions(+), 1 deletion(-)
16
17diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
18index 8e343ab2..08f771a5 100644
19--- a/src/lib/openjp2/j2k.c
20+++ b/src/lib/openjp2/j2k.c
21@@ -8227,7 +8227,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno,
22 if (type == J2K_MS_SOT) {
23 OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
24
25- if (cstr_index->tile_index[tileno].tp_index) {
26+ if (cstr_index->tile_index[tileno].tp_index &&
27+ l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
28 cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
29 }
30
31--
322.39.4
33
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
index 9c0fe0e30f..871b324dff 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
@@ -13,6 +13,7 @@ SRC_URI = " \
13 file://CVE-2022-1122.patch \ 13 file://CVE-2022-1122.patch \
14 file://CVE-2021-3575.patch \ 14 file://CVE-2021-3575.patch \
15 file://0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch \ 15 file://0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch \
16 file://0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch \
16" 17"
17SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505" 18SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
18S = "${WORKDIR}/git" 19S = "${WORKDIR}/git"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-06-14 12:32:39 +0000