[oe] [meta-oe][kirkstone][PATCH 4/4] jasper: patch CVE-2025-8837

Sun, 23 Nov 2025 09:43:19 -0800 

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8837

Pick the patch that is referenced by the nvd report.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../jasper/jasper/CVE-2025-8837.patch         | 63 +++++++++++++++++++
 .../recipes-graphics/jasper/jasper_2.0.33.bb  |  1 +
 2 files changed, 64 insertions(+)
 create mode 100644 meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch

diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch 
b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch
new file mode 100644
index 0000000000..7a1eefa6c6
--- /dev/null
+++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch
@@ -0,0 +1,63 @@
+From 61c37530a3abcb5db2f7a431e91dbb3531ff1816 Mon Sep 17 00:00:00 2001
+From: Michael Adams <[email protected]>
+Date: Tue, 5 Aug 2025 20:46:48 -0700
+Subject: [PATCH] Fixes #402, #403.
+
+JPEG-2000 (JPC) Decoder:
+- Added the setting of several pointers to null in some cleanup code
+  after the pointed-to memory was freed.  This pointer nulling is not
+  needed normally, but it is needed when certain debugging logs are
+  enabled (so that the debug code understands that the memory associated
+  with the aforementioned pointers has been freed).
+
+CVE: CVE-2025-8837
+Upstream-Status: Backport 
[https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a]
+
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ src/libjasper/jpc/jpc_dec.c |  13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c
+index 2553696..c2600c4 100644
+--- a/src/libjasper/jpc/jpc_dec.c
++++ b/src/libjasper/jpc/jpc_dec.c
+@@ -1107,23 +1107,23 @@ static int jpc_dec_tilefini(jpc_dec_t *dec, 
jpc_dec_tile_t *tile)
+ 
+       if (tile->cp) {
+               jpc_dec_cp_destroy(tile->cp);
+-              //tile->cp = 0;
++              tile->cp = 0;
+       }
+       if (tile->tcomps) {
+               jas_free(tile->tcomps);
+-              //tile->tcomps = 0;
++              tile->tcomps = 0;
+       }
+       if (tile->pi) {
+               jpc_pi_destroy(tile->pi);
+-              //tile->pi = 0;
++              tile->pi = 0;
+       }
+       if (tile->pkthdrstream) {
+               jas_stream_close(tile->pkthdrstream);
+-              //tile->pkthdrstream = 0;
++              tile->pkthdrstream = 0;
+       }
+       if (tile->pptstab) {
+               jpc_ppxstab_destroy(tile->pptstab);
+-              //tile->pptstab = 0;
++              tile->pptstab = 0;
+       }
+ 
+       tile->state = JPC_TILE_DONE;
+@@ -2259,6 +2259,9 @@ static int jpc_dec_dump(const jpc_dec_t *dec, FILE *out)
+       const jpc_dec_tile_t *tile;
+       for (tileno = 0, tile = dec->tiles; tileno < dec->numtiles;
+         ++tileno, ++tile) {
++              if (!tile->tcomps) {
++                      continue;
++              }
+               assert(!dec->numcomps || tile->tcomps);
+               unsigned compno;
+               const jpc_dec_tcomp_t *tcomp;
diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb 
b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
index d78250306b..e972b7b85a 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
@@ -7,6 +7,7 @@ SRC_URI = 
"git://github.com/jasper-software/jasper.git;protocol=https;branch=mas
            file://CVE-2023-51257.patch \
            file://CVE-2025-8835.patch \
            file://CVE-2025-8836.patch \
+           file://CVE-2025-8837.patch \
            "
 SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#122001): 
https://lists.openembedded.org/g/openembedded-devel/message/122001
Mute This Topic: https://lists.openembedded.org/mt/116439502/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to