diff mbox series

[meta-oe,kirkstone,1/4] jasper: patch CVE-2023-51257

Message ID 20251123174309.2625557-1-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,kirkstone,1/4] jasper: patch CVE-2023-51257 | expand

Commit Message

Gyorgy Sarvari Nov. 23, 2025, 5:43 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-51257

Pick the patch that's marked to solve the issue linked in the
nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../jasper/jasper/CVE-2023-51257.patch        | 40 +++++++++++++++++++
 .../recipes-graphics/jasper/jasper_2.0.33.bb  |  4 +-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch b/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch
new file mode 100644
index 0000000000..96c23698b9
--- /dev/null
+++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch
@@ -0,0 +1,40 @@ 
+From b19a51001e681d6c4bbc32b43bd425dee7f2caff Mon Sep 17 00:00:00 2001
+From: Michael Adams <mdadams@ece.uvic.ca>
+Date: Thu, 14 Dec 2023 19:04:19 -0800
+Subject: [PATCH] Fixes #367.
+
+Fixed an integer-overflow bug in the ICC profile parsing code.
+Added another invalid image to the test set.
+
+CVE: CVE-2023-51257
+Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/libjasper/base/jas_icc.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/libjasper/base/jas_icc.c b/src/libjasper/base/jas_icc.c
+index 905b823..7e69bd4 100644
+--- a/src/libjasper/base/jas_icc.c
++++ b/src/libjasper/base/jas_icc.c
+@@ -1295,10 +1295,20 @@ static int jas_icctxt_input(jas_iccattrval_t *attrval, jas_stream_t *in,
+ {
+ 	jas_icctxt_t *txt = &attrval->data.txt;
+ 	txt->string = 0;
++	/* The string must at least contain a single null character. */
++	if (cnt < 1) {
++		goto error;
++	}
+ 	if (!(txt->string = jas_malloc(cnt)))
+ 		goto error;
+ 	if (jas_stream_read(in, txt->string, cnt) != cnt)
+ 		goto error;
++	/* Ensure that the string is null terminated. */
++	if (txt->string[cnt - 1] != '\0') {
++		goto error;
++	}
++	/* The following line is redundant, unless we do not enforce that
++	the last character must be null. */
+ 	txt->string[cnt - 1] = '\0';
+ 	if (strlen(txt->string) + 1 != cnt)
+ 		goto error;
diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
index 27dff82df5..522adba93d 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
@@ -3,7 +3,9 @@  HOMEPAGE = "https://jasper-software.github.io/jasper/"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb"
 
-SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master"
+SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master \
+           file://CVE-2023-51257.patch \
+           "
 SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
 
 CVE_CHECK_IGNORE += "\