diff --git a/openjpeg2-CVE-2021-3575.patch b/openjpeg2-CVE-2021-3575.patch
new file mode 100644
index 0000000..6aaae29
--- /dev/null
+++ b/openjpeg2-CVE-2021-3575.patch
@@ -0,0 +1,35 @@
+From 409907d89878222cf9dea80f0add8f73e9383834 Mon Sep 17 00:00:00 2001
+From: Mehdi Sabwat
+Date: Fri, 7 May 2021 01:50:37 +0200
+Subject: [PATCH] fix heap buffer overflow #1347
+
+---
+ src/bin/common/color.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/bin/common/color.c b/src/bin/common/color.c
+index 27f15f1..935fa44 100644
+--- a/src/bin/common/color.c
++++ b/src/bin/common/color.c
+@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *img)
+
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+
+- ++y;
++ if (*y != img->comps[0].data[loopmaxh])
++ ++y;
+ ++r;
+ ++g;
+ ++b;
+- ++cb;
+- ++cr;
++ if (*cb != img->comps[1].data[loopmaxh])
++ ++cb;
++ if (*cr != img->comps[2].data[loopmaxh])
++ ++cr;
+ }
+ if (j < maxw) {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+--
+2.31.1
+
diff --git a/openjpeg2.spec b/openjpeg2.spec
index a332aef..4f7f336 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -8,7 +8,7 @@ Name: openjpeg2
 Version: 2.4.0
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: C-Library for JPEG 2000
 # windirent.h is MIT, the rest is BSD
@@ -24,6 +24,8 @@ Source1: data.tar.xz
 Patch0: openjpeg2_opj2.patch
 # Fix CVE-2021-29338
 Patch1: openjpeg2-CVE-2021-29338.patch
+# Fix CVE-2021-3575
+Patch2: openjpeg2-CVE-2021-3575.patch
 BuildRequires: cmake
@@ -326,6 +328,9 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
 %changelog
+* Fri Jun 25 2021 Nikola Forró - 2.4.0-5
+- Fix CVE-2021-3575 (#1969280)
+
 * Fri Jun 25 2021 Nikola Forró - 2.4.0-4
 - Fix CVE-2021-29338 (#1951333)
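Review bot: In openjpeg2-CVE-2021-3575.patch, the three guards added to sycc420_to_rgb (`if (*y != img->comps[0].data[loopmaxh])` and the matching `*cb` / `*cr` lines) compare sample values rather than positions, so they do not bound the pointers. Any sample that differs from the value stored at index `loopmaxh` still advances the pointer wherever it currently points, and a sample that happens to equal that value stalls the pointer mid-row and produces wrong colours. Each guard also reads `data[loopmaxh]` itself, and the hunk does not show that `loopmaxh` is a valid index for all three component buffers. A positional check would be safer, for example `if (y < y_end) ++y;` with `y_end` (a name chosen for this note) derived from the component's `w * h`, and likewise for `cb` and `cr`. The body of sycc420_to_rgb continues outside the hunk, so the buffer sizes and the `loopmaxh` definition should be confirmed against the full function.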