From: Ankur Tyagi <[email protected]>

Details https://nvd.nist.gov/vuln/detail/CVE-2024-31744

Signed-off-by: Ankur Tyagi <[email protected]>
---
 .../jasper/jasper/0001-Fixes-381.patch        | 30 +++++++++++++++++++
 .../recipes-graphics/jasper/jasper_4.1.2.bb   |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta-oe/recipes-graphics/jasper/jasper/0001-Fixes-381.patch

diff --git a/meta-oe/recipes-graphics/jasper/jasper/0001-Fixes-381.patch 
b/meta-oe/recipes-graphics/jasper/jasper/0001-Fixes-381.patch
new file mode 100644
index 0000000000..21cf347d18
--- /dev/null
+++ b/meta-oe/recipes-graphics/jasper/jasper/0001-Fixes-381.patch
@@ -0,0 +1,30 @@
+From 0a3bbc33b88a44e03c7d7a2732b80f4e2ed45355 Mon Sep 17 00:00:00 2001
+From: Michael Adams <[email protected]>
+Date: Fri, 29 Mar 2024 07:57:29 -0700
+Subject: [PATCH] Fixes #381.
+
+Added a missing check to the jpc_dec_process_sod function of the JPC codec.
+Added another image to the test set.
+
+CVE: CVE-2024-31744
+Upstream-Status: Backport 
[https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5]
+Signed-off-by: Ankur Tyagi <[email protected]>
+---
+ src/libjasper/jpc/jpc_dec.c |   4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c
+index 929f7ae..7e44f05 100644
+--- a/src/libjasper/jpc/jpc_dec.c
++++ b/src/libjasper/jpc/jpc_dec.c
+@@ -611,7 +611,9 @@ static int jpc_dec_process_sod(jpc_dec_t *dec, jpc_ms_t 
*ms)
+       if (dec->pkthdrstreams) {
+               /* Get the stream containing the packet header data for this
+                 tile-part. */
+-              if (!(tile->pkthdrstream = 
jpc_streamlist_remove(dec->pkthdrstreams, 0))) {
++              if (jpc_streamlist_numstreams(dec->pkthdrstreams) != 0 &&
++                !(tile->pkthdrstream = 
jpc_streamlist_remove(dec->pkthdrstreams,
++                0))) {
+                       return -1;
+               }
+       }
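Review bot: In the embedded jpc_dec.c hunk, the added `jpc_streamlist_numstreams(dec->pkthdrstreams) != 0 &&` guard short-circuits the assignment, so when the list is empty `tile->pkthdrstream` keeps whatever value it already held and the function carries on instead of returning -1. Please confirm that the field is initialised to null before this point and that later readers of it tolerate that, and say so in the patch header. Two provenance details are also worth tidying: the `From 0a3bbc33...` line does not match the commit in the Upstream-Status URL (`6d084c53...`), and the message says a test image was added while the diffstat lists only src/libjasper/jpc/jpc_dec.c. A line stating which upstream commit is the source and that the test image was dropped for the backport would make this easier to audit.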
diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb 
b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb
index 5f6ad067e0..398b3bd05f 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb
@@ -7,6 +7,7 @@ SRC_URI = 
"git://github.com/jasper-software/jasper.git;protocol=https;branch=mas
            file://0001-Fixes-400.patch \
            file://0001-Fixes-401.patch \
            file://0001-Fixes-402-403.patch \
+           file://0001-Fixes-381.patch \
            "
 SRCREV = "ff633699cb785967a2cb0084d89d56e53c46e416"
 