package/openjpeg: fix CVE-2020-15389
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Thu, 27 Aug 2020 20:40:12 +0000 (22:40 +0200)
committer Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thu, 27 Aug 2020 21:10:12 +0000 (23:10 +0200)
commit b006cc373f96ec86c027779e113c8f70bc40d1c3
tree 9cab4954680336dfc0ad13fd7f6beeb36280b855
parent 071e719d586ed2a551011ea3bcc378ba66f37c47
package/openjpeg: fix CVE-2020-15389

Fix CVE-2020-15389: jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a
use-after-free that can be triggered if there is a mix of valid and
invalid files in a directory operated on by the decompressor. Triggering
a double-free may also be possible. This is related to calling
opj_image_destroy twice.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/openjpeg/0008-opj_decompress-fix-double-free-on-input-directory-with-mix-of-valid.patch [new file with mode: 0644]
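
The bug class named in the commit message (a destroy routine called twice while a directory of mixed valid and invalid files is processed) is shown below as an added example; it is not OpenJPEG's code or the contents of the patch. All names (`image_t`, `image_decode`, `image_destroy`, `process_dir`) and the file names are hypothetical, and the stale pointer carried across loop iterations is an assumed model of how a second destroy can arise.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for an image object. Pool slots with a "live" flag let us
   detect a second destroy without invoking undefined behaviour. */
typedef struct { int live; } image_t;
static image_t pool[8];
static int double_destroys;

static image_t *image_decode(const char *name) {
    /* Constructed rule: names starting with "bad" fail to decode. */
    if (strncmp(name, "bad", 3) == 0) return NULL;
    for (size_t i = 0; i < 8; i++)
        if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
    return NULL;
}

static void image_destroy(image_t *img) {
    if (!img) return;                               /* NULL is a safe no-op */
    if (!img->live) { double_destroys++; return; }  /* real code: double free */
    img->live = 0;
}

/* reset_per_file = 0 models the flawed loop, 1 the hardened one.
   Returns how many times an already destroyed image was destroyed again. */
int process_dir(const char **files, size_t n, int reset_per_file) {
    image_t *image = NULL;             /* lives across iterations */
    double_destroys = 0;
    memset(pool, 0, sizeof pool);
    for (size_t i = 0; i < n; i++) {
        if (reset_per_file) image = NULL;   /* carry no state between files */
        image_t *decoded = image_decode(files[i]);
        if (!decoded) {
            image_destroy(image);      /* error path cleans up "current" image */
            continue;
        }
        image = decoded;
        image_destroy(image);          /* normal path: finished with this file */
    }
    return double_destroys;
}

int main(void) {
    const char *mixed[] = {"a.j2k", "bad.j2k"};   /* constructed sample input */
    printf("flawed: %d, hardened: %d\n",
           process_dir(mixed, 2, 0), process_dir(mixed, 2, 1));
    return 0;
}
```

The second destroy only occurs when a failing file follows a successfully processed one, which is why the order of valid and invalid files in the directory matters.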