packages/openjpeg2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!128 fix CVE-2024-56827

Browse Source 
From: @changtao615 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2025-01-09 07:34:06 +00:00 committed by Gitee
commit 4308a44687
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
backport-CVE-2024-56827.patch Normal file
View File

@ -0,0 +1,28 @@
From e492644fbded4c820ca55b5e50e598d346e850e8 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 25 Nov 2024 22:02:54 +0100
Subject: [PATCH] opj_j2k_add_tlmarker(): validate that current tile-part
number if smaller that total number of tile-parts
Fixes #1564
---
src/lib/openjp2/j2k.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 5df7940..3b2ade8 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -7463,7 +7463,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno,
if (type == J2K_MS_SOT) {
OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
- if (cstr_index->tile_index[tileno].tp_index) {
+ if (cstr_index->tile_index[tileno].tp_index &&
+ l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
}
--
2.46.0

9
openjpeg2.spec
View File

@ -1,6 +1,6 @@
Name: openjpeg2 Name: openjpeg2
Version: 2.3.1 Version: 2.3.1
Release: 14 Release: 15
Summary: C-Library for JPEG 2000 Summary: C-Library for JPEG 2000
License: BSD and MIT License: BSD and MIT
URL: https://github.com/uclouvain/openjpeg URL: https://github.com/uclouvain/openjpeg
@ -28,6 +28,7 @@ Patch6016: backport-CVE-2021-3575.patch
Patch6017: backport-CVE-2022-1122.patch Patch6017: backport-CVE-2022-1122.patch
Patch6018: backport-CVE-2023-39328.patch Patch6018: backport-CVE-2023-39328.patch
Patch6019: backport-CVE-2024-56826.patch Patch6019: backport-CVE-2024-56826.patch
Patch6020: backport-CVE-2024-56827.patch
BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen
@ -104,6 +105,12 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
%{_mandir}/man3/*.3* %{_mandir}/man3/*.3*
%changelog %changelog
* Tue Jan 7 2025 changtao <changtao@kylinos.cn> - 2.3.1-15
- Type: CVE
- CVE: CVE-2024-56827
- SUG: NA
- DESC: fix CVE-2024-56827
* Tue Jan 7 2025 zhangpan <zhangpan103@h-partners.com> - 2.3.1-14 * Tue Jan 7 2025 zhangpan <zhangpan103@h-partners.com> - 2.3.1-14
- fix CVE-2024-56826 - fix CVE-2024-56826