Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327

Take the patch that is used by OpenSUSE to mitigate this vulnerability.
Upstream seems to be unresponsive to this issue.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../openjpeg/openjpeg/CVE-2023-39327.patch    | 50 +++++++++++++++++++
 .../openjpeg/openjpeg_2.5.4.bb                |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 
meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch

diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch 
b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch
new file mode 100644
index 0000000000..05e504a18e
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch
@@ -0,0 +1,50 @@
+From a3504b2484cf7443c547037511c40f59aff8ae5a Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <[email protected]>
+Date: Mon, 23 Feb 2026 17:22:18 +0100
+Subject: [PATCH] CVE-2023-39327
+
+This patch fixes CVE-2023-39327.
+
+This patch comes from OpenSuse:
+https://build.opensuse.org/projects/openSUSE:Factory/packages/openjpeg2/files/openjpeg2-cve-2023-39327-limit-iterations.patch
+
+Upstream seems to unresponsive to this vulnerability.
+
+Upstream-Status: Inactive-Upstream [inactive, when it comes to CVEs]
+
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ src/lib/openjp2/t2.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
+index 4e8cf601..ad39cd74 100644
+--- a/src/lib/openjp2/t2.c
++++ b/src/lib/openjp2/t2.c
+@@ -441,6 +441,8 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
+          * and no l_img_comp->resno_decoded are computed
+          */
+         OPJ_BOOL* first_pass_failed = NULL;
++        OPJ_UINT32 l_packet_count = 0;
++        OPJ_UINT32 l_max_packets = 100000;
+ 
+         if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) {
+             /* TODO ADE : add an error */
+@@ -457,6 +459,17 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
+ 
+         while (opj_pi_next(l_current_pi)) {
+             OPJ_BOOL skip_packet = OPJ_FALSE;
++            
++            /* CVE-2023-39327: Check for excessive packet iterations */
++            if (++l_packet_count > l_max_packets) {
++                opj_event_msg(p_manager, EVT_ERROR,
++                              "Excessive packet iterations detected (>%u). 
Possible malformed stream.\n",
++                              l_max_packets);
++                opj_pi_destroy(l_pi, l_nb_pocs);
++                opj_free(first_pass_failed);
++                return OPJ_FALSE;
++            }
++            
+             JAS_FPRINTF(stderr,
+                         "packet offset=00000166 prg=%d cmptno=%02d 
rlvlno=%02d prcno=%03d lyrno=%02d\n\n",
+                         l_current_pi->poc.prg1, l_current_pi->compno, 
l_current_pi->resno,
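Review bot: The limit checked at the top of the `while (opj_pi_next(l_current_pi))` loop is a hard-coded `l_max_packets = 100000` that is not derived from anything in the codestream, so a well-formed image whose packet iterator legitimately yields more than 100000 packets within the scope of that counter would now be rejected with EVT_ERROR and OPJ_FALSE. Please either compute the bound from the tile's own parameters (layers, resolutions, components, precincts) or make it a named constant with a comment explaining why 100000 is safe for valid inputs, and state in the patch description how the value was chosen. Two smaller points on the patch header: it has no `CVE: CVE-2023-39327` tag line, and the `Upstream-Status: Inactive-Upstream` bracket is free text rather than the `lastcommit:` / `lastrelease:` form. The two added blank lines around the check also carry trailing whitespace.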
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb 
b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
index 23f46c45cd..971cdb2ff9 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
@@ -7,6 +7,7 @@ DEPENDS = "libpng tiff lcms zlib"
 
 SRC_URI = 
"git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \
            
file://0001-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
+           file://CVE-2023-39327.patch \
            "
 SRCREV = "6c4a29b00211eb0430fa0e5e890f1ce5c80f409f"
 