Details: https://nvd.nist.gov/vuln/detail/CVE-2023-51257

Pick the patch that is marked as fixing the issue linked in the
NVD report.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../jasper/jasper/CVE-2023-51257.patch        | 40 +++++++++++++++++++
 .../recipes-graphics/jasper/jasper_2.0.33.bb  |  4 +-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch

diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch 
b/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch
new file mode 100644
index 0000000000..96c23698b9
--- /dev/null
+++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch
@@ -0,0 +1,40 @@
+From b19a51001e681d6c4bbc32b43bd425dee7f2caff Mon Sep 17 00:00:00 2001
+From: Michael Adams <[email protected]>
+Date: Thu, 14 Dec 2023 19:04:19 -0800
+Subject: [PATCH] Fixes #367.
+
+Fixed an integer-overflow bug in the ICC profile parsing code.
+Added another invalid image to the test set.
+
+CVE: CVE-2023-51257
+Upstream-Status: Backport 
[https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ src/libjasper/base/jas_icc.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/libjasper/base/jas_icc.c b/src/libjasper/base/jas_icc.c
+index 905b823..7e69bd4 100644
+--- a/src/libjasper/base/jas_icc.c
++++ b/src/libjasper/base/jas_icc.c
+@@ -1295,10 +1295,20 @@ static int jas_icctxt_input(jas_iccattrval_t *attrval, 
jas_stream_t *in,
+ {
+       jas_icctxt_t *txt = &attrval->data.txt;
+       txt->string = 0;
++      /* The string must at least contain a single null character. */
++      if (cnt < 1) {
++              goto error;
++      }
+       if (!(txt->string = jas_malloc(cnt)))
+               goto error;
+       if (jas_stream_read(in, txt->string, cnt) != cnt)
+               goto error;
++      /* Ensure that the string is null terminated. */
++      if (txt->string[cnt - 1] != '\0') {
++              goto error;
++      }
++      /* The following line is redundant, unless we do not enforce that
++      the last character must be null. */
+       txt->string[cnt - 1] = '\0';
+       if (strlen(txt->string) + 1 != cnt)
+               goto error;
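Review bot: The embedded patch header keeps upstream's sentence "Added another invalid image to the test set", but its diffstat lists only src/libjasper/base/jas_icc.c, so the regression image appears to have been dropped in the backport and the header does not say so. The `From` hash (b19a51001e68) also differs from the commit named in Upstream-Status (aeef5293c978), which makes the backport harder to match against upstream by hash. I would add a line under Upstream-Status such as `Comment: test image from the upstream commit omitted; code change only`. The declaration of `cnt` in the jas_icctxt_input signature and the `error` label both lie outside the nested hunk, so the signedness of the `cnt < 1` comparison and the release of `txt->string` on the two new `goto error` paths cannot be confirmed from here.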
diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb 
b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
index 27dff82df5..522adba93d 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
@@ -3,7 +3,9 @@ HOMEPAGE = "https://jasper-software.github.io/jasper/";
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb"
 
-SRC_URI = 
"git://github.com/jasper-software/jasper.git;protocol=https;branch=master"
+SRC_URI = 
"git://github.com/jasper-software/jasper.git;protocol=https;branch=master \
+           file://CVE-2023-51257.patch \
+           "
 SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
 
 CVE_CHECK_IGNORE += "\