Verify range data in jp2_pclr_getdata #211
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software#199 which caused segfaults under certain circumstances. Patch by Adam Majer <[email protected]>
woodsts
pushed a commit
to woodsts/buildroot
that referenced
this pull request
Dec 2, 2019
Add 0001-verify-data-range-CVE-2018-19541.patch: We need to verify the data is in the expected range. Otherwise we get problems later. Patch was proposed upstream[1] but upstream is very inactive. Linux distributions use the same fix to patch their packages. 1: jasper-software/jasper#211 Signed-off-by: Michael Vetter <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this pull request
Dec 6, 2019
Add 0001-verify-data-range-CVE-2018-19541.patch: We need to verify the data is in the expected range. Otherwise we get problems later. Patch was proposed upstream[1] but upstream is very inactive. Linux distributions use the same fix to patch their packages. 1: jasper-software/jasper#211 Signed-off-by: Michael Vetter <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit fddee3c) Signed-off-by: Peter Korsgaard <[email protected]>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this pull request
Dec 6, 2019
Add 0001-verify-data-range-CVE-2018-19541.patch: We need to verify the data is in the expected range. Otherwise we get problems later. Patch was proposed upstream[1] but upstream is very inactive. Linux distributions use the same fix to patch their packages. 1: jasper-software/jasper#211 Signed-off-by: Michael Vetter <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit fddee3c) Signed-off-by: Peter Korsgaard <[email protected]>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this pull request
Dec 6, 2019
Add 0001-verify-data-range-CVE-2018-19541.patch: We need to verify the data is in the expected range. Otherwise we get problems later. Patch was proposed upstream[1] but upstream is very inactive. Linux distributions use the same fix to patch their packages. 1: jasper-software/jasper#211 Signed-off-by: Michael Vetter <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit fddee3c) Signed-off-by: Peter Korsgaard <[email protected]>
jubalh
added a commit
to jasper-maint/jasper
that referenced
this pull request
Jun 15, 2020
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software/jasper#199 which caused segfaults under certain circumstances. Patch by Adam Majer <[email protected]> See: jasper-software/jasper#211 Fix #6
jubalh
pushed a commit
to jasper-maint/jasper
that referenced
this pull request
Jun 16, 2020
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software/jasper#199 which caused segfaults under certain circumstances. See: jasper-software/jasper#211 Fix #6
jubalh
pushed a commit
to jasper-maint/jasper
that referenced
this pull request
Jun 16, 2020
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software/jasper#199 which caused segfaults under certain circumstances. See: jasper-software/jasper#211 Fix #6
jubalh
pushed a commit
to jasper-maint/jasper
that referenced
this pull request
Jun 16, 2020
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software/jasper#199 which caused segfaults under certain circumstances. See: jasper-software/jasper#211 Fix #6
jubalh
pushed a commit
to jasper-maint/jasper
that referenced
this pull request
Jun 17, 2020
This fixes CVE-2018-19541. We need to verify the data is in the expected range. Otherwise we get problems later. This is a better fix for jasper-software/jasper#199 which caused segfaults under certain circumstances. See: jasper-software/jasper#211 Fix #6
|
Merged in 27d5a88 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes CVE-2018-19541.
We need to verify the data is in the expected range. Otherwise we get
problems later.
This is a better fix for #199
which caused segfaults under certain circumstances.
Patch by Adam Majer [email protected]