deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/jasper/0005-fix-CVE-2014-8157.patch
Gustavo Zacarias ddfce0448d jasper: add security fixes for CVE-2014-8157/8158 
Fixes:
CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot()
CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-26 23:13:44 +01:00

18 lines
762 B
Diff
Raw Blame History

Fix CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot()
From https://bugzilla.redhat.com/show_bug.cgi?id=1179282
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
--- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 2015-01-19 16:59:36.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2015-01-19 17:07:41.609863268 +0100
@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t
dec->curtileendoff = 0;
}
- if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
+ if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
jas_eprintf("invalid tile number in SOT marker segment\n");
return -1;
}
Reference in a new issue View git blame Copy permalink