jas_image: Check number of lutents #199
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The index v of lutents[v] will be negative if numlutents is smaller than 1. This causes the heap-based buffer overflow because the lutents[] starts at 0. Regards CVE-2018-19541. Regards jasper-software#182 bug#1 Fix by Markus Koschany [email protected]. From https://gist.github.com/apoleon/3e9d4e86c51d16c7e551a1cc538528b9
Closed
jubalh
added a commit
to jubalh/jasper
that referenced
this pull request
Nov 4, 2019
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software#199 which caused segfaults under certain circumstances. Patch by Adam Majer <[email protected]>
|
This patch can cause segfaults in some cases. #211 is the proper fix for this CVE. |
jubalh
added a commit
to jasper-maint/jasper
that referenced
this pull request
Jun 15, 2020
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software/jasper#199 which caused segfaults under certain circumstances. Patch by Adam Majer <[email protected]> See: jasper-software/jasper#211 Fix #6
jubalh
pushed a commit
to jasper-maint/jasper
that referenced
this pull request
Jun 16, 2020
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software/jasper#199 which caused segfaults under certain circumstances. See: jasper-software/jasper#211 Fix #6
jubalh
pushed a commit
to jasper-maint/jasper
that referenced
this pull request
Jun 16, 2020
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software/jasper#199 which caused segfaults under certain circumstances. See: jasper-software/jasper#211 Fix #6
jubalh
pushed a commit
to jasper-maint/jasper
that referenced
this pull request
Jun 16, 2020
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software/jasper#199 which caused segfaults under certain circumstances. See: jasper-software/jasper#211 Fix #6
jubalh
pushed a commit
to jasper-maint/jasper
that referenced
this pull request
Jun 17, 2020
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software/jasper#199 which caused segfaults under certain circumstances. See: jasper-software/jasper#211 Fix #6
jubalh
added a commit
to jubalh/buildroot
that referenced
this pull request
Jul 28, 2020
Changes: * Fix CVE-2018-9154 jasper-software/jasper#215 jasper-software/jasper#166 jasper-software/jasper#175 jasper-maint/jasper#8 * Fix CVE-2018-19541 jasper-software/jasper#199 jasper-maint/jasper#6 * Fix CVE-2016-9399, CVE-2017-13751 jasper-maint/jasper#1 * Fix CVE-2018-19540 jasper-software/jasper#182 jasper-maint/jasper#22 * Fix CVE-2018-9055 jasper-maint/jasper#9 * Fix CVE-2017-13748 jasper-software/jasper#168 * Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 jasper-maint/jasper#3 jasper-maint/jasper#4 jasper-maint/jasper#5 jasper-software/jasper#88 jasper-software/jasper#89 jasper-software/jasper#90 * Fix CVE-2018-9252 jasper-maint/jasper#16 * Fix CVE-2018-19139 jasper-maint/jasper#14 * Fix CVE-2018-19543, CVE-2017-9782 jasper-maint/jasper#13 jasper-maint/jasper#18 jasper-software/jasper#140 jasper-software/jasper#182 * Fix CVE-2018-20570 jasper-maint/jasper#11 jasper-software/jasper#191 * Fix CVE-2018-20622 jasper-maint/jasper#12 jasper-software/jasper#193 * Fix CVE-2016-9398 jasper-maint/jasper#10 * Fix CVE-2017-14132 jasper-maint/jasper#17 * Fix CVE-2017-5499 jasper-maint/jasper#2 jasper-software/jasper#63 * Fix CVE-2018-18873 jasper-maint/jasper#15 jasper-software/jasper#184 * Fix jasper-software/jasper#207 * Fix jasper-software/jasper#194 part 1 * Fix CVE-2017-13750 jasper-software/jasper#165 jasper-software/jasper#174 * New option -DJAS_ENABLE_HIDDEN=true to not export internal symbols in the public symbol table * Fix various memory leaks * Plenty of code cleanups, and performance improvements
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this pull request
Aug 3, 2020
Fixes the following security issues: * Fix CVE-2018-9154 jasper-software/jasper#215 jasper-software/jasper#166 jasper-software/jasper#175 jasper-maint/jasper#8 * Fix CVE-2018-19541 jasper-software/jasper#199 jasper-maint/jasper#6 * Fix CVE-2016-9399, CVE-2017-13751 jasper-maint/jasper#1 * Fix CVE-2018-19540 jasper-software/jasper#182 jasper-maint/jasper#22 * Fix CVE-2018-9055 jasper-maint/jasper#9 * Fix CVE-2017-13748 jasper-software/jasper#168 * Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 jasper-maint/jasper#3 jasper-maint/jasper#4 jasper-maint/jasper#5 jasper-software/jasper#88 jasper-software/jasper#89 jasper-software/jasper#90 * Fix CVE-2018-9252 jasper-maint/jasper#16 * Fix CVE-2018-19139 jasper-maint/jasper#14 * Fix CVE-2018-19543, CVE-2017-9782 jasper-maint/jasper#13 jasper-maint/jasper#18 jasper-software/jasper#140 jasper-software/jasper#182 * Fix CVE-2018-20570 jasper-maint/jasper#11 jasper-software/jasper#191 * Fix CVE-2018-20622 jasper-maint/jasper#12 jasper-software/jasper#193 * Fix CVE-2016-9398 jasper-maint/jasper#10 * Fix CVE-2017-14132 jasper-maint/jasper#17 * Fix CVE-2017-5499 jasper-maint/jasper#2 jasper-software/jasper#63 * Fix CVE-2018-18873 jasper-maint/jasper#15 jasper-software/jasper#184 * Fix CVE-2017-13750 jasper-software/jasper#165 jasper-software/jasper#174 Furthermore, drop now upstreamed patches and change to the new jasper-software upstream location. Signed-off-by: Michael Vetter <[email protected]> [Peter: reword for security bump] Signed-off-by: Peter Korsgaard <[email protected]>
woodsts
pushed a commit
to woodsts/buildroot
that referenced
this pull request
Aug 18, 2020
Fixes the following security issues: * Fix CVE-2018-9154 jasper-software/jasper#215 jasper-software/jasper#166 jasper-software/jasper#175 jasper-maint/jasper#8 * Fix CVE-2018-19541 jasper-software/jasper#199 jasper-maint/jasper#6 * Fix CVE-2016-9399, CVE-2017-13751 jasper-maint/jasper#1 * Fix CVE-2018-19540 jasper-software/jasper#182 jasper-maint/jasper#22 * Fix CVE-2018-9055 jasper-maint/jasper#9 * Fix CVE-2017-13748 jasper-software/jasper#168 * Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 jasper-maint/jasper#3 jasper-maint/jasper#4 jasper-maint/jasper#5 jasper-software/jasper#88 jasper-software/jasper#89 jasper-software/jasper#90 * Fix CVE-2018-9252 jasper-maint/jasper#16 * Fix CVE-2018-19139 jasper-maint/jasper#14 * Fix CVE-2018-19543, CVE-2017-9782 jasper-maint/jasper#13 jasper-maint/jasper#18 jasper-software/jasper#140 jasper-software/jasper#182 * Fix CVE-2018-20570 jasper-maint/jasper#11 jasper-software/jasper#191 * Fix CVE-2018-20622 jasper-maint/jasper#12 jasper-software/jasper#193 * Fix CVE-2016-9398 jasper-maint/jasper#10 * Fix CVE-2017-14132 jasper-maint/jasper#17 * Fix CVE-2017-5499 jasper-maint/jasper#2 jasper-software/jasper#63 * Fix CVE-2018-18873 jasper-maint/jasper#15 jasper-software/jasper#184 * Fix CVE-2017-13750 jasper-software/jasper#165 jasper-software/jasper#174 Furthermore, drop now upstreamed patches and change to the new jasper-software upstream location. Signed-off-by: Michael Vetter <[email protected]> [Peter: reword for security bump] Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit d0f7b24) Signed-off-by: Peter Korsgaard <[email protected]>
woodsts
pushed a commit
to woodsts/buildroot
that referenced
this pull request
Aug 18, 2020
Fixes the following security issues: * Fix CVE-2018-9154 jasper-software/jasper#215 jasper-software/jasper#166 jasper-software/jasper#175 jasper-maint/jasper#8 * Fix CVE-2018-19541 jasper-software/jasper#199 jasper-maint/jasper#6 * Fix CVE-2016-9399, CVE-2017-13751 jasper-maint/jasper#1 * Fix CVE-2018-19540 jasper-software/jasper#182 jasper-maint/jasper#22 * Fix CVE-2018-9055 jasper-maint/jasper#9 * Fix CVE-2017-13748 jasper-software/jasper#168 * Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 jasper-maint/jasper#3 jasper-maint/jasper#4 jasper-maint/jasper#5 jasper-software/jasper#88 jasper-software/jasper#89 jasper-software/jasper#90 * Fix CVE-2018-9252 jasper-maint/jasper#16 * Fix CVE-2018-19139 jasper-maint/jasper#14 * Fix CVE-2018-19543, CVE-2017-9782 jasper-maint/jasper#13 jasper-maint/jasper#18 jasper-software/jasper#140 jasper-software/jasper#182 * Fix CVE-2018-20570 jasper-maint/jasper#11 jasper-software/jasper#191 * Fix CVE-2018-20622 jasper-maint/jasper#12 jasper-software/jasper#193 * Fix CVE-2016-9398 jasper-maint/jasper#10 * Fix CVE-2017-14132 jasper-maint/jasper#17 * Fix CVE-2017-5499 jasper-maint/jasper#2 jasper-software/jasper#63 * Fix CVE-2018-18873 jasper-maint/jasper#15 jasper-software/jasper#184 * Fix CVE-2017-13750 jasper-software/jasper#165 jasper-software/jasper#174 Furthermore, drop now upstreamed patches and change to the new jasper-software upstream location. Signed-off-by: Michael Vetter <[email protected]> [Peter: reword for security bump] Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit d0f7b24) Signed-off-by: Peter Korsgaard <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The index v of lutents[v] will be negative if numlutents is smaller than 1.
This causes the heap-based buffer overflow because the lutents[] starts at 0.
Regards CVE-2018-19541.
Regards #182 bug#1
Fix by Markus Koschany [email protected].
From https://gist.github.com/apoleon/3e9d4e86c51d16c7e551a1cc538528b9