[Pkg-phototools-devel] Bug#734238: Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images
Benjamin Gilbert
bgilbert at cs.cmu.edu
Sun Jan 5 02:43:34 UTC 2014

Package: libopenjpeg2
Version: 1.3+dfsg-4.7+b1

The patch for CVE-2013-6045 disables decoding of images whose first
color component has a higher resolution than subsequent components.
This is a legitimate image encoding; consider, for example, YCbCr images
with chroma subsampling. This change is preventing OpenSlide from
decoding certain Aperio slide files (example slide at [1]).

For example, consider p0_06.j2k from the OpenJPEG test suite [2]. With
1.3+dfsg-4.6:

$ j2k_to_image -i p0_06.j2k -o out.ppm
[INFO] tile 1 of 1
[INFO] - tiers-1 took 0.020000 s
[INFO] - dwt took 0.000000 s
[INFO] - tile decoded in 0.020000 s
PNM CONVERSION: Truncating component 0 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 1 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 2 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 3 from 12 bits to 8 bits
Generated Outfile out.ppm

With 1.3+dfsg-4.7+b1, the same command produces:

[INFO] tile 1 of 1
[ERROR] Error decoding tile. Component 1 contains only 33153 blocks
while component 0 has 66177 blocks
ERROR -> j2k_to_image: failed to decode image!

[1]: http://openslide.cs.cmu.edu/download/openslide-testdata/Aperio/JP2K-33003-1.svs
[2]: http://openjpeg.googlecode.com/svn/data/input/conformance/p0_06.j2k
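
Added example (not part of the original report, and not OpenJPEG's code): a bounds-checked parser for the JPEG 2000 SIZ segment that derives each component's dimensions from its XRsiz/YRsiz subsampling factors, then contrasts a rule modelled on the rejection described above with a bound applied per component. The sample header, MAX_COMPS and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_COMPS 4 /* cap chosen for this example only */
typedef struct { uint32_t w, h; } comp_dim;

/* Constructed sample: SOC + SIZ for a 16x16 image, Y at 1x1, Cb/Cr at 2x2. */
static const uint8_t SAMPLE_420[] = {
    0xFF,0x4F, 0xFF,0x51, 0x00,0x2F, 0x00,0x00,   /* SOC, SIZ, Lsiz=47, Rsiz */
    0,0,0,16, 0,0,0,16, 0,0,0,0, 0,0,0,0,         /* Xsiz, Ysiz, XOsiz, YOsiz */
    0,0,0,16, 0,0,0,16, 0,0,0,0, 0,0,0,0,         /* XTsiz, YTsiz, XTOsiz, YTOsiz */
    0x00,0x03, 7,1,1, 7,2,2, 7,2,2 };             /* Csiz, then Ssiz/XRsiz/YRsiz */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint32_t ceil_div(uint32_t a, uint32_t b) { return a / b + (a % b != 0); }
static uint64_t samples(comp_dim d) { return (uint64_t)d.w * d.h; }

/* Fill per-component sizes from the SIZ segment; return Csiz, or -1 if malformed. */
int siz_component_dims(const uint8_t *buf, size_t len, comp_dim *out) {
    if (len < 42 || buf[0] != 0xFF || buf[1] != 0x4F || buf[2] != 0xFF || buf[3] != 0x51)
        return -1;
    const uint8_t *s = buf + 4; /* s[0] is the first byte of Lsiz */
    uint32_t lsiz = ((uint32_t)s[0] << 8) | s[1], csiz = ((uint32_t)s[36] << 8) | s[37];
    uint32_t xsiz = be32(s + 4), ysiz = be32(s + 8), xo = be32(s + 12), yo = be32(s + 16);
    if (csiz == 0 || csiz > MAX_COMPS || lsiz != 38 + 3 * csiz || len < 4 + (size_t)lsiz)
        return -1;
    if (xo >= xsiz || yo >= ysiz) return -1; /* offset must lie inside the grid */
    for (uint32_t i = 0; i < csiz; i++) {
        uint32_t xr = s[39 + 3 * i], yr = s[40 + 3 * i];
        if (xr == 0 || yr == 0) return -1; /* zero separation would divide by zero */
        out[i].w = ceil_div(xsiz, xr) - ceil_div(xo, xr);
        out[i].h = ceil_div(ysiz, yr) - ceil_div(yo, yr);
    }
    return (int)csiz;
}

/* Model of the rejection described in the report: a later component smaller than component 0. */
int strict_rule_accepts(const comp_dim *d, int n) {
    for (int i = 1; i < n; i++)
        if (samples(d[i]) < samples(d[0])) return 0;
    return 1;
}
/* Per-component bound: an index is checked against that component's own sample count. */
int index_in_component(const comp_dim *d, int n, int comp, uint64_t idx) {
    return comp >= 0 && comp < n && idx < samples(d[comp]);
}
```

On the constructed 4:2:0 header the strict rule refuses the image, while the per-component bound still rejects any index past the 8x8 chroma planes.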