Bug 832007 (CVE-2021-3575) - media-libs/openjpeg: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb
Summary: media-libs/openjpeg: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb
Status: IN_PROGRESS
Alias: CVE-2021-3575
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [ebuild]
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2022-01-24 21:33 UTC by Thomas Bracht Laumann Jespersen
Modified: 2024-03-02 01:33 UTC
CC: 3 users

See Also:
Package list:
Runtime testing required: ---


Description Thomas Bracht Laumann Jespersen 2022-01-24 21:33:01 UTC
Proposed fix here: https://github.com/uclouvain/openjpeg/issues/1347
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-30 02:48:08 UTC
CVE-2022-1122 (https://github.com/uclouvain/openjpeg/issues/1368):

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
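The error-path pattern the description above refers to, freeing a pointer that an earlier allocation failure left uninitialized, is shown here as an added illustration; this is not openjpeg's code, and the `name_list` type, `try_alloc` hook and `build_list` function are hypothetical stand-ins for a directory-listing routine.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical filename list; not openjpeg's own types. */
struct name_list {
    char  *buf;    /* one block holding all names, NUL-separated */
    char **names;  /* per-file pointers into buf */
    size_t count;
};

/* Allocator hook: fail != 0 simulates the failed buffer allocation the
 * CVE description refers to, without having to exhaust memory. */
static void *try_alloc(size_t n, int fail)
{
    return fail ? NULL : malloc(n);
}

/* Vulnerable shape of the error path, for contrast (not compiled here):
 *     char *buf; char **names;                  neither initialized
 *     buf = malloc(total); if (!buf) goto fail; names never assigned
 *   fail: free(buf); free(names);               free() on a garbage pointer
 * The fixed version below starts every pointer the error path frees at
 * NULL, so free() on one that was never allocated is a defined no-op. */
int build_list(struct name_list *out, const char **src, size_t n, int fail_first)
{
    char  *buf   = NULL;              /* the fix: NULL until allocated */
    char **names = NULL;
    size_t total = 0, off = 0, i;
    for (i = 0; i < n; i++)
        total += strlen(src[i]) + 1;
    buf = try_alloc(total, fail_first);
    if (buf == NULL)
        goto fail;                    /* names is still NULL here */
    names = malloc(n * sizeof(*names));
    if (names == NULL)
        goto fail;
    for (i = 0; i < n; i++) {
        size_t len = strlen(src[i]) + 1;
        names[i] = memcpy(buf + off, src[i], len);
        off += len;
    }
    out->buf = buf; out->names = names; out->count = n;
    return 0;
fail:
    free(buf);
    free(names);                      /* safe: NULL when never allocated */
    return -1;
}
```

With `fail_first` set, the function returns -1 cleanly instead of crashing, which is the behaviour a caller handling a large directory should be able to rely on.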
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-30 02:49:03 UTC
(In reply to John Helmert III from comment #1)
> CVE-2022-1122 (https://github.com/uclouvain/openjpeg/issues/1368):
> 
> A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the
> way it handles an input directory with a large number of files. When it
> fails to allocate a buffer to store the filenames of the input directory, it
> calls free() on an uninitialized pointer, leading to a segmentation fault
> and a denial of service.

Patch here: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
Comment 3 Larry the Git Cow gentoo-dev 2022-04-07 02:22:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65217c376e5339336f01073b3312fed51654cdaf

commit 65217c376e5339336f01073b3312fed51654cdaf
Author:     Thomas Bracht Laumann Jespersen <t@laumann.xyz>
AuthorDate: 2022-03-30 20:48:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-07 02:21:39 +0000

    media-libs/openjpeg: Fix segfault, security bug 832007
    
    See: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
    Bug: https://bugs.gentoo.org/832007
    Signed-off-by: Thomas Bracht Laumann Jespersen <t@laumann.xyz>
    Closes: https://github.com/gentoo/gentoo/pull/24822
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/openjpeg-2.4.0-r2-fix-segfault.patch     |  17 +++
 media-libs/openjpeg/openjpeg-2.4.0-r2.ebuild       | 140 +++++++++++++++++++++
 2 files changed, 157 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-07 02:25:40 UTC
I guess let's fork off the one with a patch into a new bug, so we can keep this open for the unfixed one upstream.
Comment 6 Thomas Bracht Laumann Jespersen 2024-02-20 05:18:23 UTC
Nice! I guess it makes sense to backport the patch (mostly given that upstream doesn't cut releases that often)?
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-20 05:53:27 UTC
Makes sense to me! [upstream/ebuild] -> maintainer's discretion