Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 832007 (CVE-2021-3575)

Summary: <media-libs/openjpeg-2.5.2: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb
Product: Gentoo Security Reporter: Thomas Bracht Laumann Jespersen <t>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: ajak, proxy-maint, t
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/24822
https://bugs.gentoo.org/show_bug.cgi?id=836969
https://github.com/gentoo/gentoo/pull/35436
Whiteboard: B3 [cleanup glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 930395    
Bug Blocks:    

Description Thomas Bracht Laumann Jespersen 2022-01-24 21:33:01 UTC 
Proposed fix here: https://github.com/uclouvain/openjpeg/issues/1347
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-30 02:48:08 UTC 
CVE-2022-1122 (https://github.com/uclouvain/openjpeg/issues/1368):

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-30 02:49:03 UTC 
(In reply to John Helmert III from comment #1)
> CVE-2022-1122 (https://github.com/uclouvain/openjpeg/issues/1368):
> 
> A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the
> way it handles an input directory with a large number of files. When it
> fails to allocate a buffer to store the filenames of the input directory, it
> calls free() on an uninitialized pointer, leading to a segmentation fault
> and a denial of service.

Patch here: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
Comment 3 Larry the Git Cow gentoo-dev 2022-04-07 02:22:04 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65217c376e5339336f01073b3312fed51654cdaf

commit 65217c376e5339336f01073b3312fed51654cdaf
Author:     Thomas Bracht Laumann Jespersen <t@laumann.xyz>
AuthorDate: 2022-03-30 20:48:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-07 02:21:39 +0000

    media-libs/openjpeg: Fix segfault, security bug 832007
    
    See: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
    Bug: https://bugs.gentoo.org/832007
    Signed-off-by: Thomas Bracht Laumann Jespersen <t@laumann.xyz>
    Closes: https://github.com/gentoo/gentoo/pull/24822
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/openjpeg-2.4.0-r2-fix-segfault.patch     |  17 +++
 media-libs/openjpeg/openjpeg-2.4.0-r2.ebuild       | 140 +++++++++++++++++++++
 2 files changed, 157 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-07 02:25:40 UTC 
I guess let's fork off the one with a patch into a new bug, so we can keep this open for the unfixed one upstream.
Comment 6 Thomas Bracht Laumann Jespersen 2024-02-20 05:18:23 UTC 
Nice! i guess it makes sense to backport the patch (mostly given that upstream doesn't cut releases that often)?
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-20 05:53:27 UTC 
Makes sense to me! [upstream/ebuild] -> maintainer's discretion
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-04-21 23:40:53 UTC 
Patch is in 2.5.2.