packages/openjpeg2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!126 fix CVE-2024-56827

Browse Source 
Merge pull request !126 from changtao/openEuler-24.03-LTS
This commit is contained in:
openeuler-ci-bot 2025-01-09 07:34:46 +00:00 committed by Gitee
commit dd66ecb1cc
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
backport-CVE-2024-56827.patch Normal file
View File

@ -0,0 +1,28 @@
From e492644fbded4c820ca55b5e50e598d346e850e8 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 25 Nov 2024 22:02:54 +0100
Subject: [PATCH] opj_j2k_add_tlmarker(): validate that current tile-part
number if smaller that total number of tile-parts
Fixes #1564
---
src/lib/openjp2/j2k.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index bcce316..dce786e 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -8362,7 +8362,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno,
if (type == J2K_MS_SOT) {
OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
- if (cstr_index->tile_index[tileno].tp_index) {
+ if (cstr_index->tile_index[tileno].tp_index &&
+ l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
}
--
2.46.0

9
openjpeg2.spec
View File

@ -2,7 +2,7 @@
Name: openjpeg2 Name: openjpeg2
Version: 2.5.0 Version: 2.5.0
Release: 6 Release: 7
Summary: C-Library for JPEG 2000 Summary: C-Library for JPEG 2000
License: BSD and MIT License: BSD and MIT
URL: https://github.com/uclouvain/openjpeg URL: https://github.com/uclouvain/openjpeg
@ -12,6 +12,7 @@ Patch0: openjpeg2_opj2.patch
Patch1: backport-CVE-2023-39328.patch Patch1: backport-CVE-2023-39328.patch
Patch2: backport-CVE-2021-3575.patch Patch2: backport-CVE-2021-3575.patch
Patch3: backport-CVE-2024-56826.patch Patch3: backport-CVE-2024-56826.patch
Patch4: backport-CVE-2024-56827.patch
BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel
BuildRequires: jbigkit-devel libjpeg-turbo-devel BuildRequires: jbigkit-devel libjpeg-turbo-devel
@ -102,6 +103,12 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
%{_bindir}/opj2_dump %{_bindir}/opj2_dump
%changelog %changelog
* Tue Jan 7 2025 changtao <changtao@kylinos.cn> - 2.5.0-7
- Type: CVE
- CVE: CVE-2024-56827
- SUG: NA
- DESC: fix CVE-2024-56827
* Tue Jan 7 2025 zhangpan <zhangpan103@h-partners.com> - 2.5.0-6 * Tue Jan 7 2025 zhangpan <zhangpan103@h-partners.com> - 2.5.0-6
- fix CVE-2024-56826 - fix CVE-2024-56826