fix CVE-2024-56827
This commit is contained in:
changtao
parent
ccb0313a64
commit
7225d2b65b
28
backport-CVE-2024-56827.patch
Normal file
28
backport-CVE-2024-56827.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From e492644fbded4c820ca55b5e50e598d346e850e8 Mon Sep 17 00:00:00 2001
|
||||
From: Even Rouault <even.rouault@spatialys.com>
|
||||
Date: Mon, 25 Nov 2024 22:02:54 +0100
|
||||
Subject: [PATCH] opj_j2k_add_tlmarker(): validate that current tile-part
|
||||
number if smaller that total number of tile-parts
|
||||
|
||||
Fixes #1564
|
||||
---
|
||||
src/lib/openjp2/j2k.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
|
||||
index 5df7940..3b2ade8 100644
|
||||
--- a/src/lib/openjp2/j2k.c
|
||||
+++ b/src/lib/openjp2/j2k.c
|
||||
@@ -7463,7 +7463,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno,
|
||||
if (type == J2K_MS_SOT) {
|
||||
OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
|
||||
|
||||
- if (cstr_index->tile_index[tileno].tp_index) {
|
||||
+ if (cstr_index->tile_index[tileno].tp_index &&
|
||||
+ l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
|
||||
cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
|
||||
}
|
||||
|
||||
--
|
||||
2.46.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: openjpeg2
|
||||
Version: 2.3.1
|
||||
Release: 14
|
||||
Release: 15
|
||||
Summary: C-Library for JPEG 2000
|
||||
License: BSD and MIT
|
||||
URL: https://github.com/uclouvain/openjpeg
|
||||
@ -28,6 +28,7 @@ Patch6016: backport-CVE-2021-3575.patch
|
||||
Patch6017: backport-CVE-2022-1122.patch
|
||||
Patch6018: backport-CVE-2023-39328.patch
|
||||
Patch6019: backport-CVE-2024-56826.patch
|
||||
Patch6020: backport-CVE-2024-56827.patch
|
||||
|
||||
BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen
|
||||
|
||||
@ -104,6 +105,12 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
|
||||
%{_mandir}/man3/*.3*
|
||||
|
||||
%changelog
|
||||
* Tue Jan 7 2025 changtao <changtao@kylinos.cn> - 2.3.1-15
|
||||
- Type: CVE
|
||||
- CVE: CVE-2024-56827
|
||||
- SUG: NA
|
||||
- DESC: fix CVE-2024-56827
|
||||
|
||||
* Tue Jan 7 2025 zhangpan <zhangpan103@h-partners.com> - 2.3.1-14
|
||||
- fix CVE-2024-56826
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user