Package: openjpeg2 | Debian Sources

Package: openjpeg2 / 2.1.2-1.1+deb9u4

Metadata

Package	Version	Patches format
openjpeg2	2.1.2-1.1+deb9u4	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
multiarch_path.patch \| (download)	cmake/OpenJPEGConfig.cmake.in \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	upstream did not handle multi-arch installation path It naively assumed the include location to be two levels above the lib installation.
CVE 2016 9572_CVE 2016 9573.patch \| (download)	src/bin/jp2/convert.c \| 59 53 + 6 - 0 ! src/bin/jp2/convertbmp.c \| 29 28 + 1 - 0 ! src/bin/jp2/opj_decompress.c \| 2 1 + 1 - 0 ! src/lib/openjp2/j2k.c \| 11 8 + 3 - 0 ! 4 files changed, 90 insertions(+), 11 deletions(-)	[patch] changes for issues #863 and #862
c22cbd8bdf8ff2ae372f94391a4be2d322b36b41.patch \| (download)	src/bin/jp2/convert.c \| 10 10 + 0 - 0 ! src/lib/openjp2/image.c \| 8 7 + 1 - 0 ! 2 files changed, 17 insertions(+), 1 deletion(-)	[patch] avoid heap buffer overflow in function pnmtoimage of convert.c, and unsigned integer overflow in opj_image_create() (CVE-2016-9118, #861)
3fbe71369019df0b47c7a2be4fab8c05768f2f32.patch \| (download)	src/lib/openjp2/j2k.c \| 4 4 + 0 - 0 ! src/lib/openjp2/tcd.c \| 16 14 + 2 - 0 ! 2 files changed, 18 insertions(+), 2 deletions(-)	[patch] opj_tcd_get_decoded_tile_size(): fix potential uint32 overflow (#854, CVE-2016-5152) Fix derived from https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
11445eddad7e7fa5b273d1c83c91011c44e5d586.patch \| (download)	src/lib/openjp2/pi.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[patch] opj_pi_update_decode_poc(): limit layno1 to the number of layers (CVE-2016-1626 and CVE-2016-1628, #850) This has been recently fixed in a less elegant way per 80818c39f5bfbac37768fcee95b0ffeceaa77264
397f62c0a838e15d667ef50e27d5d011d2c79c04.patch \| (download)	src/lib/openjp2/tcd.c \| 4 3 + 1 - 0 ! 1 file changed, 3 insertions(+), 1 deletion(-)	[patch] fix write heap buffer overflow in opj_mqc_byteout(). Discovered by Ke Liu of Tencent's Xuanwu LAB (#835)
CVE 2017 14039.patch \| (download)	src/lib/openjp2/j2k.c \| 20 16 + 4 - 0 ! 1 file changed, 16 insertions(+), 4 deletions(-)	mix of 4241ae6fbbf1de9658764a80944dc8108f2b4154 and c535531f03369623b9b833ef41952c62257b507e (partial)
2cd30c2b06ce332dede81cccad8b334cde997281.patch \| (download)	src/bin/jp2/convert.c \| 40 28 + 12 - 0 ! 1 file changed, 28 insertions(+), 12 deletions(-)	[patch] tgatoimage(): avoid excessive memory allocation attempt, and fixes unaligned load (#995)
e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch \| (download)	src/bin/jp2/convert.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[patch] pgxtoimage(): fix write stack buffer overflow (#997)
afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch \| (download)	src/lib/openjp2/tcd.c \| 7 5 + 2 - 0 ! 1 file changed, 5 insertions(+), 2 deletions(-)	[patch] encoder: grow buffer size in opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in opj_mqc_flush (#982)
dcac91b8c72f743bda7dbfa9032356bc8110098a.patch \| (download)	src/lib/openjp2/j2k.c \| 24 20 + 4 - 0 ! 1 file changed, 20 insertions(+), 4 deletions(-)	[patch] opj_j2k_write_sot(): fix potential write heap buffer overflow (#991)
CVE 2017 17480.patch \| (download)	src/bin/jp3d/convert.c \| 2 1 + 1 - 0 ! src/bin/jpwl/convert.c \| 2 1 + 1 - 0 ! 2 files changed, 2 insertions(+), 2 deletions(-)	jp3d/jpwl convert: fix write stack buffer overflow Missing buffer length formatter in fscanf call might lead to write stack buffer overflow. Add missing formatters.
CVE 2018 18088.patch \| (download)	src/bin/jp2/convert.c \| 5 5 + 0 - 0 ! 1 file changed, 5 insertions(+)	jp2: convert: fix null pointer dereference Tile components in a JP2 image might have null data pointer by defining a zero component size (for example using large horizontal or vertical sampling periods). This null data pointer leads to null image component data pointer, causing crash when dereferenced without != null check in imagetopnm. . Add != null check.
CVE 2018 6616.patch \| (download)	src/bin/jp2/convertbmp.c \| 12 10 + 2 - 0 ! 1 file changed, 10 insertions(+), 2 deletions(-)	convertbmp: detect invalid file dimensions early width/length dimensions read from bmp headers are not necessarily valid. For instance they may have been maliciously set to very large values with the intention to cause DoS (large memory allocation, stack overflow). In these cases we want to detect the invalid size as early as possible. . This commit introduces a counter which verifies that the number of written bytes corresponds to the advertized width/length.
CVE 2018 14423.patch \| (download)	src/lib/openjp3d/pi.c \| 24 24 + 0 - 0 ! 1 file changed, 24 insertions(+)	avoid divisions by zero / undefined behaviour on shift (cve-2018-14423)
CVE 2018 5785.patch \| (download)	src/bin/jp2/convertbmp.c \| 20 20 + 0 - 0 ! 1 file changed, 20 insertions(+)	convertbmp: integer overflow (cve-2018-5785)
CVE 2018 21010.patch \| (download)	src/bin/common/color.c \| 12 12 + 0 - 0 ! 1 file changed, 12 insertions(+)	color_apply_icc_profile: avoid potential heap buffer overflow
CVE 2018 20847.patch \| (download)	src/lib/openjp2/pi.c \| 13 9 + 4 - 0 ! 1 file changed, 9 insertions(+), 4 deletions(-)	fix integer overflow in opj_get_encoding_parameters This bug is known at three places in the source code: opj_get_all_encoding_parameters() and opj_tcd_init_tile() in pi.c and tcd.c (both fixed _before_ the release of 2.1.2), and opj_get_encoding_parameters() in pi.c. This patch addresses the issue in opj_get_encoding_parameters().
CVE 2016 9112.patch \| (download)	src/lib/openjp2/pi.c \| 33 33 + 0 - 0 ! 1 file changed, 33 insertions(+)	fix division by zero and undefined behavior on shift in pi.c

1