summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGyorgy Sarvari <skandigraun@gmail.com>2026-04-27 01:03:47 +1200
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-04-29 10:14:29 +0530
commit22a2ae9646208d251551a630445334735f54f9a5 (patch)
tree0c7981b660290ce9ba482d550f2ace99d0cae71a
parent383ff869536417d6a562fda8b1e268b27483ae1b (diff)
downloadmeta-openembedded-22a2ae9646208d251551a630445334735f54f9a5.tar.gz
openjpeg: patch CVE-2026-6192
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-6192 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 09050325e6e0736beccc40d125e56430054b7cb8) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
-rw-r--r--meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2026-6192.patch35
-rw-r--r--meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb1
2 files changed, 36 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2026-6192.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2026-6192.patch
new file mode 100644
index 0000000000..49be9bd0a6
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2026-6192.patch
@@ -0,0 +1,35 @@
1From 776b00ff792a3c54b65f3bd92dbe7476a5a54106 Mon Sep 17 00:00:00 2001
2From: Even Rouault <even.rouault@spatialys.com>
3Date: Sun, 5 Apr 2026 13:25:27 +0200
4Subject: [PATCH] opj_pi_initialise_encode() (write code path): avoid potential
5 integer overflow leading to insufficient memory allocation
6
7Fixes #1619
8
9CVE: CVE-2026-6192
10Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb65068951]
11Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
12---
13 src/lib/openjp2/pi.c | 9 ++++++---
14 1 file changed, 6 insertions(+), 3 deletions(-)
15
16diff --git a/src/lib/openjp2/pi.c b/src/lib/openjp2/pi.c
17index 15ac3314..4abb87af 100644
18--- a/src/lib/openjp2/pi.c
19+++ b/src/lib/openjp2/pi.c
20@@ -1694,9 +1694,12 @@ opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image,
21 l_current_pi = l_pi;
22
23 /* memory allocation for include*/
24- l_current_pi->include_size = l_tcp->numlayers * l_step_l;
25- l_current_pi->include = (OPJ_INT16*) opj_calloc(l_current_pi->include_size,
26- sizeof(OPJ_INT16));
27+ l_current_pi->include = NULL;
28+ if (l_step_l <= UINT_MAX / l_tcp->numlayers) {
29+ l_current_pi->include_size = l_tcp->numlayers * l_step_l;
30+ l_current_pi->include = (OPJ_INT16*) opj_calloc(l_current_pi->include_size,
31+ sizeof(OPJ_INT16));
32+ }
33 if (!l_current_pi->include) {
34 opj_free(l_tmp_data);
35 opj_free(l_tmp_ptr);
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
index d559cc9f7a..6dd3dd7542 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
@@ -8,6 +8,7 @@ DEPENDS = "libpng tiff lcms zlib"
8SRC_URI = "git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \ 8SRC_URI = "git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \
9 file://0001-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \ 9 file://0001-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
10 file://CVE-2023-39327.patch \ 10 file://CVE-2023-39327.patch \
11 file://CVE-2026-6192.patch \
11 " 12 "
12SRCREV = "6c4a29b00211eb0430fa0e5e890f1ce5c80f409f" 13SRCREV = "6c4a29b00211eb0430fa0e5e890f1ce5c80f409f"
13S = "${WORKDIR}/git" 14S = "${WORKDIR}/git"