Integer Overflow in num_images #1338
Comments
This appears to have been assigned CVE-2021-29338
Is there any manual fix we can use/apply here till we get a patch update?
It looks like the pull request #1346 is intended to cover this issue as well; I believe Alpine Linux has already released an update for the issue with an earlier iteration of the proposed pull request.
#1346 was replaced with f0629cb. Does that mean CVE-2021-29338 is fixed in master, @rouault?
I don't think so. I don't see f0629cb changing the code path pointed above
I understand and agree, but I am not really good at C these days. Since you and @kaniini have previously made changes in this area, I figured either of you two would be the quickest at making such a PR, and ensuring that it actually is correct. A PR from me would basically be trying to copy and paste code from @kaniini where it fits the latest master code, which seems inappropriate and bug prone. Either way, it sounds like the answer is no, so I'll try and cobble something together (just what you want to hear when fixing a CVE :-) ) and see if the CI and reviewers like it.
Includes the fix for CVE-2021-29338 Credit to @kaniini based on uclouvain#1346 Fixes uclouvain#1338
Is it possible to confirm that this issue doesn't affect the thoughts?
If the code source changes are in src/bin/ only, it means that it affects only the utilities.
Includes the fix for CVE-2021-29338 Credit to @kaniini based on #1346 Fixes #1338
CVE: CVE-2021-29338 Ref: * uclouvain/openjpeg#1338 Signed-off-by: Kai Kang <[email protected]> Signed-off-by: Khem Raj <[email protected]>
CVE: CVE-2021-29338 Ref: * uclouvain/openjpeg#1338 Signed-off-by: Kai Kang <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Hello openjpeg2 team,
I found an integer overflow vulnerability in the command line options.
If there are many files in the imgdir directory, the number of files read by opj_compress will overflow.
openjpeg2 (tested with revision * master 0bda718).
run command
asan info
When num_images is equal to 1048576, multiplying with OPJ_PATH_LEN will produce an overflow result of 0
poc.zip
HX from Topsec alpha Security Team
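
The wraparound described in the report, next to an overflow-checked size computation, as an added example that is not code from the report or from OpenJPEG. It assumes `OPJ_PATH_LEN` is 4096 (consistent with the product wrapping to 0 at 1048576 images) and 32-bit unsigned arithmetic; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed value of OPJ_PATH_LEN (4096); it matches the report's arithmetic:
 * 1048576 * 4096 = 2^32, which is 0 modulo 2^32. */
#define PATH_LEN 4096u

/* Size computed the unsafe way: a 32-bit unsigned multiply that silently wraps. */
uint32_t unchecked_buf_size(uint32_t num_images)
{
    return num_images * PATH_LEN;
}

/* Overflow-checked multiply: returns 0 and stores the product, or -1 if the
 * product would not fit in 32 bits. */
int checked_buf_size(uint32_t num_images, uint32_t *out)
{
    if (num_images > UINT32_MAX / PATH_LEN) {
        return -1;
    }
    *out = num_images * PATH_LEN;
    return 0;
}

/* Hypothetical allocator for the filename buffer: refuses an empty directory
 * and any count whose byte size would wrap, instead of handing back a
 * zero-size or undersized buffer that later writes would overrun. */
char *alloc_filename_buf(uint32_t num_images)
{
    uint32_t size;
    if (num_images == 0 || checked_buf_size(num_images, &size) != 0) {
        return NULL;
    }
    return malloc(size);
}

int main(void)
{
    uint32_t counts[] = { 3u, 1048575u, 1048576u, 1048577u }; /* constructed inputs */
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        uint32_t size = 0;
        int rc = checked_buf_size(counts[i], &size);
        printf("num_images=%u unchecked=%u checked=%s\n", (unsigned)counts[i],
               (unsigned)unchecked_buf_size(counts[i]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

One file past the boundary (1048577) the unchecked size is 4096 bytes, so the allocation succeeds but holds a single path slot.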