projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 32d9a95) | patch
package/openjpeg: fix CVE-2019-12973
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 29 Feb 2020 20:24:40 +0000 (21:24 +0100)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sun, 1 Mar 2020 09:42:29 +0000 (10:42 +0100)
commit5934e676f3ae1537accb727154f08abb23177f0b
treecf114c8eb3c620cfe5c9b41d5e2d96f0ef722b2ftree
parent32d9a95d9460f78e9f33349937f426c3ae11662fcommit | diff
package/openjpeg: fix CVE-2019-12973

In OpenJPEG 2.3.1, there is excessive iteration in the
opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could
leverage this vulnerability to cause a denial of service via a crafted
bmp file. This issue is similar to CVE-2018-6616.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/openjpeg/0004-convertbmp-detect-invalid-file-dimensions-early.patch [new file with mode: 0644] blob
package/openjpeg/0005-bmp_read_rle4_data-avoid-potential-infinite-loop.patch [new file with mode: 0644] blob
package/openjpeg/openjpeg.mk diff | blob | history