Commit 0fd7376d authored 2 years ago by Anton Gladky
CVE-2022-1122
parent 3b2f3400
Pipeline #368121 passed with warnings with stages in 7 minutes and 36 seconds
Showing 3 changed files with 28 additions and 0 deletions
debian/changelog: 8 additions, 0 deletions
debian/patches/CVE-2022-1122.patch: 19 additions, 0 deletions
debian/patches/series: 1 addition, 0 deletions
debian/changelog +8 −0
openjpeg2 (2.1.0-2+deb8u14) jessie-security; urgency=medium
* Non-maintainer upload by the ELTS Security Team.
* CVE-2022-1122: input directory with a large number of files
can lead to to a segmentation fault and a denial of service.
-- Anton Gladky <gladk@debian.org> Tue, 12 Apr 2022 22:04:51 +0200
openjpeg2 (2.1.0-2+deb8u13) jessie-security; urgency=high
* Non-maintainer upload by the ELTS Team.
...
...
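Review bot: the CVE-2022-1122 bullet in the new 2.1.0-2+deb8u14 entry has a doubled word ("lead to to") and names neither the patch file nor the root cause. Suggest "can lead to a segmentation fault and a denial of service" and a mention of debian/patches/CVE-2022-1122.patch together with the uninitialized pointer in src/bin/jp2/opj_decompress.c that the patch subject gives, so the entry can be matched to the change it ships.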
debian/patches/CVE-2022-1122.patch 0 → 100644 +19 −0
From 0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d Mon Sep 17 00:00:00 2001
From: xiaoxiaoafeifei <lliangliang2007@163.com>
Date: Wed, 14 Jul 2021 09:35:13 +0800
Subject: [PATCH] Fix segfault in src/bin/jp2/opj_decompress.c due to
uninitialized pointer (fixes #1368) (#1369)
Last-Update: 2022-04-12
--- openjpeg2-2.1.0.orig/src/bin/jp2/opj_decompress.c
+++ openjpeg2-2.1.0/src/bin/jp2/opj_decompress.c
@@ -707,7 +707,7 @@
int main(int argc, char **argv)
int it_image;
num_images=get_num_images(img_fol.imgdirpath);
- dirptr=(dircnt_t*)malloc(sizeof(dircnt_t));
+ dirptr=(dircnt_t*)calloc(1, sizeof(dircnt_t));
if(dirptr){
dirptr->filename_buf = calloc((size_t) num_images, sizeof(char) * OPJ_PATH_LEN); /* Stores at max 10 image file names*/
dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
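Review bot: num_images goes straight from get_num_images(img_fol.imgdirpath) into the (size_t) casts on the two inner calloc calls, with no range check visible in this hunk, so a zero or negative return would reach calloc as a zero or very large element count. Suggest validating num_images before the allocations and checking both dirptr->filename_buf and dirptr->filename for NULL before use; zeroing dirptr with calloc(1, sizeof(dircnt_t)) only guarantees that those members start as NULL rather than holding indeterminate values. Two smaller points on the context lines: the comment "Stores at max 10 image file names" no longer matches a buffer sized by num_images, and the filename_buf assignment lacks the explicit cast that the filename line uses.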
debian/patches/series +1 −0
...
...
@@ -34,3 +34,4 @@ CVE-2020-27845.patch
CVE-2021-29338.patch
CVE-2020-27843.patch
CVE-2020-27842.patch
CVE-2022-1122.patch