Bug#1111422: trixie-pu: package openjpeg2/2.5.3-2.1~deb13u1
Adrian Bunk
bunk at debian.org
Sun Aug 17 22:08:29 BST 2025
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: openjpeg2 at packages.debian.org, security at debian.org
Control: affects -1 + src:openjpeg2
User: release.debian.org at packages.debian.org
Usertags: pu
* CVE-2025-54874: Out-of-bounds write in opj_jp2_read_header()
(Closes: #1110443)
-------------- next part --------------
diffstat for openjpeg2-2.5.3 openjpeg2-2.5.3
changelog | 15 +++
patches/0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch | 40 ++++++++++
patches/series | 1
3 files changed, 56 insertions(+)
diff -Nru openjpeg2-2.5.3/debian/changelog openjpeg2-2.5.3/debian/changelog
--- openjpeg2-2.5.3/debian/changelog 2025-03-10 09:22:54.000000000 +0200
+++ openjpeg2-2.5.3/debian/changelog 2025-08-17 18:30:07.000000000 +0300
@@ -1,3 +1,18 @@
+openjpeg2 (2.5.3-2.1~deb13u1) trixie; urgency=medium
+
+ * Non-maintainer upload.
+ * Rebuild for trixie.
+
+ -- Adrian Bunk <bunk at debian.org> Sun, 17 Aug 2025 18:30:07 +0300
+
+openjpeg2 (2.5.3-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2025-54874: Out-of-bounds write in opj_jp2_read_header()
+ (Closes: #1110443)
+
+ -- Adrian Bunk <bunk at debian.org> Sat, 09 Aug 2025 18:19:52 +0300
+
openjpeg2 (2.5.3-2) unstable; urgency=medium
* Team upload.
diff -Nru openjpeg2-2.5.3/debian/patches/0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch openjpeg2-2.5.3/debian/patches/0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch
--- openjpeg2-2.5.3/debian/patches/0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch 1970-01-01 02:00:00.000000000 +0200
+++ openjpeg2-2.5.3/debian/patches/0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch 2025-08-09 18:19:52.000000000 +0300
@@ -0,0 +1,40 @@
+From f9b1f9f0a236dfee230b08dcc4165d83c07d473e Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras at gmail.com>
+Date: Thu, 16 Jan 2025 02:13:43 +0100
+Subject: opj_jp2_read_header: Check for error after parsing header.
+
+Consider the case where the caller has not set the p_image
+pointer to NULL before calling opj_read_header().
+
+If opj_j2k_read_header_procedure() fails while obtaining the rest
+of the marker segment when calling opj_stream_read_data() because
+the data stream is too short, then opj_j2k_read_header() will
+never have the chance to initialize p_image, leaving it
+uninitialized.
+
+opj_jp2_read_header() will check the p_image value whether
+opj_j2k_read_header() suceeded or failed. This may be detected as
+an error in valgrind or ASAN.
+
+The fix is to check whether opj_j2k_read_header() suceeded before
+using the output argument p_image.
+---
+ src/lib/openjp2/jp2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c
+index 4df055a5..da506318 100644
+--- a/src/lib/openjp2/jp2.c
++++ b/src/lib/openjp2/jp2.c
+@@ -2873,7 +2873,7 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream,
+ p_image,
+ p_manager);
+
+- if (p_image && *p_image) {
++ if (ret && p_image && *p_image) {
+ /* Set Image Color Space */
+ if (jp2->enumcs == 16) {
+ (*p_image)->color_space = OPJ_CLRSPC_SRGB;
+--
+2.30.2
+
diff -Nru openjpeg2-2.5.3/debian/patches/series openjpeg2-2.5.3/debian/patches/series
--- openjpeg2-2.5.3/debian/patches/series 2025-03-10 09:22:54.000000000 +0200
+++ openjpeg2-2.5.3/debian/patches/series 2025-08-09 18:19:52.000000000 +0300
@@ -1,2 +1,3 @@
issue878.patch
man_fix.patch
+0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch
More information about the Pkg-phototools-devel
mailing list