projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5934e67) | patch
package/openjpeg: fix CVE-2020-6851
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 29 Feb 2020 20:24:41 +0000 (21:24 +0100)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sun, 1 Mar 2020 09:42:32 +0000 (10:42 +0100)
commita3b1f2885eeaf610eb98c5f419ece9d71e33e9c8
tree405ce59f24725fa47923db0ac11acd9b8d705cc3tree
parent5934e676f3ae1537accb727154f08abb23177f0bcommit | diff
package/openjpeg: fix CVE-2020-6851

OpenJPEG through 2.3.1 has a heap-based buffer overflow in
opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of
opj_j2k_update_image_dimensions validation.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/openjpeg/0006-opj_j2k_update_image_dimensions-reject-images-whose-coordinates.patch [new file with mode: 0644] blob
package/openjpeg/openjpeg.mk diff | blob | history