openjpeg: patch CVE-2023-39327

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327 Take the patch that is used by OpenSUSE to mitigate this vulnerability. Upstream seems to be unresponsive to this issue. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2026-02-23 20:18:44 +0100
committer: Khem Raj <raj.khem@gmail.com> 2026-02-24 22:30:28 -0800
commit: f059dcebc394548069295be1cb0ee1ccf50a5c78 (patch)
tree: fb9f7fd98ed04e8371a80c915381ab5848acf30c
parent: 1f70d339eb3d3f4897f3eef91ae86fd915cbfa8c (diff)
download: meta-openembedded-f059dcebc394548069295be1cb0ee1ccf50a5c78.tar.gz
2 files changed, 51 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch
new file mode 100644
index 0000000000..05e504a18e
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch
@@ -0,0 +1,50 @@
+From a3504b2484cf7443c547037511c40f59aff8ae5a Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Mon, 23 Feb 2026 17:22:18 +0100
+Subject: [PATCH] CVE-2023-39327
+This patch fixes CVE-2023-39327.
+This patch comes from OpenSuse:
+https://build.opensuse.org/projects/openSUSE:Factory/packages/openjpeg2/files/openjpeg2-cve-2023-39327-limit-iterations.patch
+Upstream seems to unresponsive to this vulnerability.
+Upstream-Status: Inactive-Upstream [inactive, when it comes to CVEs]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/lib/openjp2/t2.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
+index 4e8cf601..ad39cd74 100644
+--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
+@@ -441,6 +441,8 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
+          * and no l_img_comp->resno_decoded are computed
+          */
+         OPJ_BOOL* first_pass_failed = NULL;
+        OPJ_UINT32 l_packet_count = 0;
+        OPJ_UINT32 l_max_packets = 100000;
+ 
+         if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) {
+             /* TODO ADE : add an error */
+@@ -457,6 +459,17 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
+ 
+         while (opj_pi_next(l_current_pi)) {
+             OPJ_BOOL skip_packet = OPJ_FALSE;
+            
+            /* CVE-2023-39327: Check for excessive packet iterations */
+            if (++l_packet_count > l_max_packets) {
+                opj_event_msg(p_manager, EVT_ERROR,
+                              "Excessive packet iterations detected (>%u). Possible malformed stream.\n",
+                              l_max_packets);
+                opj_pi_destroy(l_pi, l_nb_pocs);
+                opj_free(first_pass_failed);
+                return OPJ_FALSE;
+            }
+            
+             JAS_FPRINTF(stderr,
+                         "packet offset=00000166 prg=%d cmptno=%02d rlvlno=%02d prcno=%03d lyrno=%02d\n\n",
+                         l_current_pi->poc.prg1, l_current_pi->compno, l_current_pi->resno,
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
index 6d7d87f5f1..33dc48b2ea 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
@@ -7,6 +7,7 @@ DEPENDS = "libpng tiff lcms zlib"
 SRC_URI = "git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \
           file://0001-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
+           file://CVE-2023-39327.patch \
           "
 SRCREV = "6c4a29b00211eb0430fa0e5e890f1ce5c80f409f"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-02-23 20:18:44 +0100
committer	Khem Raj <raj.khem@gmail.com>	2026-02-24 22:30:28 -0800
commit	f059dcebc394548069295be1cb0ee1ccf50a5c78 (patch)
tree	fb9f7fd98ed04e8371a80c915381ab5848acf30c
parent	1f70d339eb3d3f4897f3eef91ae86fd915cbfa8c (diff)
download	meta-openembedded-f059dcebc394548069295be1cb0ee1ccf50a5c78.tar.gz

diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch new file mode 100644 index 0000000000..05e504a18e --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch
@@ -0,0 +1,50 @@
		1	From a3504b2484cf7443c547037511c40f59aff8ae5a Mon Sep 17 00:00:00 2001
		2	From: Gyorgy Sarvari <skandigraun@gmail.com>
		3	Date: Mon, 23 Feb 2026 17:22:18 +0100
		4	Subject: [PATCH] CVE-2023-39327
		5
		6	This patch fixes CVE-2023-39327.
		7
		8	This patch comes from OpenSuse:
		9	https://build.opensuse.org/projects/openSUSE:Factory/packages/openjpeg2/files/openjpeg2-cve-2023-39327-limit-iterations.patch
		10
		11	Upstream seems to unresponsive to this vulnerability.
		12
		13	Upstream-Status: Inactive-Upstream [inactive, when it comes to CVEs]
		14
		15	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		16	---
		17	src/lib/openjp2/t2.c \| 13 +++++++++++++
		18	1 file changed, 13 insertions(+)
		19
		20	diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
		21	index 4e8cf601..ad39cd74 100644
		22	--- a/src/lib/openjp2/t2.c
		23	+++ b/src/lib/openjp2/t2.c
		24	@@ -441,6 +441,8 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
		25	* and no l_img_comp->resno_decoded are computed
		26	*/
		27	OPJ_BOOL* first_pass_failed = NULL;
		28	+ OPJ_UINT32 l_packet_count = 0;
		29	+ OPJ_UINT32 l_max_packets = 100000;
		30
		31	if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) {
		32	/* TODO ADE : add an error */
		33	@@ -457,6 +459,17 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
		34
		35	while (opj_pi_next(l_current_pi)) {
		36	OPJ_BOOL skip_packet = OPJ_FALSE;
		37	+
		38	+ /* CVE-2023-39327: Check for excessive packet iterations */
		39	+ if (++l_packet_count > l_max_packets) {
		40	+ opj_event_msg(p_manager, EVT_ERROR,
		41	+ "Excessive packet iterations detected (>%u). Possible malformed stream.\n",
		42	+ l_max_packets);
		43	+ opj_pi_destroy(l_pi, l_nb_pocs);
		44	+ opj_free(first_pass_failed);
		45	+ return OPJ_FALSE;
		46	+ }
		47	+
		48	JAS_FPRINTF(stderr,
		49	"packet offset=00000166 prg=%d cmptno=%02d rlvlno=%02d prcno=%03d lyrno=%02d\n\n",
		50	l_current_pi->poc.prg1, l_current_pi->compno, l_current_pi->resno,


diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb index 6d7d87f5f1..33dc48b2ea 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
@@ -7,6 +7,7 @@ DEPENDS = "libpng tiff lcms zlib"
7		7
8	SRC_URI = "git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \	8	SRC_URI = "git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \
9	file://0001-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \	9	file://0001-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
		10	file://CVE-2023-39327.patch \
10	"	11	"
11	SRCREV = "6c4a29b00211eb0430fa0e5e890f1ce5c80f409f"	12	SRCREV = "6c4a29b00211eb0430fa0e5e890f1ce5c80f409f"
12		13