Package: openjpeg2 / 2.3.0-2+deb10u2

Metadata

Package: openjpeg2
Version: 2.3.0-2+deb10u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
multiarch_path.patch

cmake/OpenJPEGConfig.cmake.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 upstream did not handle multi-arch installation path
 It naively assumed the include location to be two levels above the lib
 installation.
java9.patch

src/bin/jpip/CMakeLists.txt | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 java9


CVE 2017 17480.patch

src/bin/jp3d/convert.c | 4 2 + 2 - 0 !
src/bin/jpwl/convert.c | 2 1 + 1 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 jp3d/jpwl convert: fix write stack buffer overflow
 Missing buffer length formatter in fscanf call might lead to write
 stack buffer overflow.
CVE 2018 14423.patch

src/lib/openjp3d/pi.c | 24 24 + 0 - 0 !
1 file changed, 24 insertions(+)

 jp3d: avoid divisions by zero / undefined behaviour on shift
CVE 2018 18088.patch

src/bin/jp2/convert.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 jp2: convert: fix null pointer dereference
 Tile components in a JP2 image might have null data pointer by defining a
 zero component size (for example using large horizontal or vertical
 sampling periods). This null data pointer leads to null image component
 data pointer, causing crash when dereferenced without != null check in
 imagetopnm.
 .
 Add != null check.
CVE 2018 5785.patch

src/bin/jp2/convertbmp.c | 21 21 + 0 - 0 !
1 file changed, 21 insertions(+)

 convertbmp: fix issues with zero bitmasks
 In the case where a BMP file declares compression 3 (BI_BITFIELDS)
 with header size <= 56, all bitmask values keep their initialization
 value 0. This may lead to various undefined behavior later e.g. when
 doing 1 << (l_comp->prec - 1).
 .
 This issue does not affect files with bit count 16 because of a check
 added in 16240e2 which sets default values to the color masks if they
 are all 0.
 .
 This commit adds similar checks for the 32 bit case.
 .
 Also, if a BMP file declares compression 3 with header size >= 56 and
 intentional 0 bitmasks, the same issue will be triggered in both the
 16 and 32 bit count case.
 .
 This commit adds checks to bmp_read_info_header() rejecting BMP files
 with "intentional" 0 bitmasks. These checks might be removed in the
 future when proper handling of zero bitmasks will be available in
 openjpeg2.
CVE 2018 6616.patch

src/bin/jp2/convertbmp.c | 12 10 + 2 - 0 !
1 file changed, 10 insertions(+), 2 deletions(-)

 convertbmp: detect invalid file dimensions early
 width/length dimensions read from bmp headers are not necessarily
 valid. For instance they may have been maliciously set to very large
 values with the intention to cause DoS (large memory allocation, stack
 overflow). In these cases we want to detect the invalid size as early
 as possible.
 .
 This commit introduces a counter which verifies that the number of
 written bytes corresponds to the advertized width/length.
CVE 2018 21010.patch

src/bin/common/color.c | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 color_apply_icc_profile: avoid potential heap buffer overflow 
CVE 2018 20847.patch

src/lib/openjp2/pi.c | 17 9 + 8 - 0 !
1 file changed, 9 insertions(+), 8 deletions(-)

 fix integer overflow in opj_get_encoding_parameters
 This bug is known at three places in the source code:
 opj_get_all_encoding_parameters() and opj_tcd_init_tile() in pi.c and tcd.c
 (both fixed _before_ the release of 2.1.2), and opj_get_encoding_parameters()
 in pi.c. This patch addresses the issue in opj_get_encoding_parameters().
CVE 2020 27814.patch

src/lib/openjp2/tcd.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 [patch] encoder: grow again buffer size in
 opj_tcd_code_block_enc_allocate_data() (fixes #1283)


CVE 2020 27823.patch

src/bin/jp2/convertpng.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] pngtoimage(): fix wrong computation of x1,y1 if -d option is
 used, that would result in a heap buffer overflow (fixes #1284)


CVE 2020 27841.patch

src/lib/openjp2/pi.c | 49 32 + 17 - 0 !
src/lib/openjp2/pi.h | 10 8 + 2 - 0 !
src/lib/openjp2/t2.c | 4 2 + 2 - 0 !
3 files changed, 42 insertions(+), 21 deletions(-)

 [patch] pi.c: avoid out of bounds access with poc (refs
 https://github.com/uclouvain/openjpeg/issues/1293#issuecomment-737122836)


CVE 2020 27842.patch

src/lib/openjp2/t2.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 [patch] opj_t2_encode_packet(): avoid out of bound access of #1294,
 but likely not the proper fix



CVE 2020 27843.patch

src/lib/openjp2/t2.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 [patch] opj_t2_encode_packet(): avoid out of bound access of #1297,
 but likely not the proper fix


CVE 2020 27845.patch

src/lib/openjp2/pi.c | 25 23 + 2 - 0 !
1 file changed, 23 insertions(+), 2 deletions(-)

 [patch] pi.c: avoid out of bounds access with poc (fixes #1302)



CVE 2020 27824.patch

src/lib/openjp2/dwt.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] encoder: avoid global buffer overflow on irreversible
 conversion when too many decomposition levels are specified (fixes #1286)


CVE 2020 15389.patch

src/bin/jp2/opj_decompress.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [patch] opj_decompress: fix double-free on input directory with mix
 of valid and invalid images (CVE-2020-15389)


CVE 2020 8112.patch

src/lib/openjp2/tcd.c | 20 18 + 2 - 0 !
1 file changed, 18 insertions(+), 2 deletions(-)

 [patch] opj_tcd_init_tile(): avoid integer overflow

That could lead to later assertion failures.

Fixes #1231 / CVE-2020-8112


CVE 2020 6851.patch

src/lib/openjp2/j2k.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

---