Your message dated Wed, 11 Jul 2012 20:48:43 +0000
with message-id <[email protected]>
and subject line Bug#681075: fixed in openjpeg 1.3+dfsg-4.4
has caused the Debian Bug report #681075,
regarding Fwd: Openjpeg heap buffer overflow issue affecting 1.4 and 1.5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
681075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681075
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openjpeg
Version: 1.3+dfsg-4.2
Severity: important
Tags: security patch fixed-upstream
Hi Mathieu,
We have found a heap-buffer overflow issue in openjpeg, when decoding
j2k image files. I am attaching a patch to this email.
We will be making this issue public on 9-July-2012 Monday.
Sorry for the short notice, let me know if you need more time.
This issue affects both version 1.4 and 1.5
--
Huzaifa Sidhpurwala / Red Hat Security Response Team
Enforce sanity checks on tile number and tile length, even when the (rather
broken) USE_JPWL code isn't enabled.
diff -Naur OpenJPEG_v1_3.orig/libopenjpeg/j2k.c OpenJPEG_v1_3/libopenjpeg/j2k.c
--- OpenJPEG_v1_3.orig/libopenjpeg/j2k.c 2007-12-19 07:28:40.000000000 -0500
+++ OpenJPEG_v1_3/libopenjpeg/j2k.c 2010-11-02 12:50:57.342204186 -0400
@@ -1282,7 +1282,7 @@
static int backup_tileno = 0;
/* tileno is negative or larger than the number of tiles!!! */
- if ((tileno < 0) || (tileno > (cp->tw * cp->th))) {
+ if ((tileno < 0) || (tileno >= (cp->tw * cp->th))) {
opj_event_msg(j2k->cinfo, EVT_ERROR,
"JPWL: bad tile number (%d out of a maximum of %d)\n",
tileno, (cp->tw * cp->th));
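Review bot: the error message in this hunk still prints `cp->tw * cp->th` as the "maximum", but with the comparison tightened to `>=` the largest valid tile number is `cp->tw * cp->th - 1`. Print `cp->tw * cp->th - 1`, or reword the text to "out of %d tiles", so the log matches the check. The product is also a plain int multiplication in both the test and the message; if `tw` and `th` are taken from the codestream, they need their own bound before this comparison can be relied on.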
@@ -1299,8 +1299,18 @@
/* keep your private count of tiles */
backup_tileno++;
- };
+ }
+ else
#endif /* USE_JPWL */
+ {
+ /* tileno is negative or larger than the number of tiles!!! */
+ if ((tileno < 0) || (tileno >= (cp->tw * cp->th))) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR,
+ "JPWL: bad tile number (%d out of a maximum of %d)\n",
+ tileno, (cp->tw * cp->th));
+ return;
+ }
+ }
if (cp->tileno_size == 0) {
cp->tileno[cp->tileno_size] = tileno;
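Review bot: the message in the new fallback block starts with "JPWL:" although this is the branch taken when the JPWL path is not used, which will mislead anyone reading the decoder log; drop the prefix here. The condition is a copy of the one inside the `#ifdef USE_JPWL` section, so the two can drift apart; factoring the range test into one shared expression or helper would keep them in step ahead of the `cp->tileno[cp->tileno_size] = tileno;` store below. The bare `return;` reports the rejection only through `opj_event_msg`, so it is worth confirming that the caller has some other way to learn that decoding must stop.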
@@ -1338,8 +1348,18 @@
totlen);
}
- };
+ }
+ else
#endif /* USE_JPWL */
+ {
+ /* totlen is negative or larger than the bytes left!!! */
+ if ((totlen < 0) || (totlen > (cio_numbytesleft(cio) + 8))) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR,
+ "JPWL: bad tile byte size (%d bytes against %d bytes left)\n",
+ totlen, cio_numbytesleft(cio) + 8);
+ return;
+ }
+ }
if (!totlen)
totlen = cio_numbytesleft(cio) + 8;
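Review bot: the added check on `totlen` has no lower bound for non-zero values. The context line `totlen = cio_numbytesleft(cio) + 8;` and the `+ 8` in the new comparison indicate that `totlen` counts bytes that have already been consumed, so a value such as 1 passes this check while being smaller than what has been read; rejecting non-zero values below that minimum would close the gap. The message again carries the "JPWL:" prefix outside the JPWL path, and `cio_numbytesleft(cio) + 8` is evaluated three times in the visible lines where one local variable would do.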
--- End Message ---
--- Begin Message ---
Source: openjpeg
Source-Version: 1.3+dfsg-4.4
We believe that the bug you reported is fixed in the latest version of
openjpeg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <[email protected]> (supplier of updated openjpeg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Wed, 11 Jul 2012 15:52:34 -0400
Source: openjpeg
Binary: libopenjpeg-dev libopenjpeg2 libopenjpeg2-dbg openjpeg-tools
Architecture: source amd64
Version: 1.3+dfsg-4.4
Distribution: unstable
Urgency: high
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: Michael Gilbert <[email protected]>
Description:
libopenjpeg-dev - development files for libopenjpeg2, a JPEG 2000 image library
libopenjpeg2 - JPEG 2000 image compression/decompression library
libopenjpeg2-dbg - debug symbols for libopenjpeg2, a JPEG 2000 image library
openjpeg-tools - command-line tools using the JPEG 2000 library
Closes: 681075
Changes:
openjpeg (1.3+dfsg-4.4) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix cve-2012-3358: buffer overflow in JPEG2000 image file handling
(closes: #681075).
--- End Message ---