diff mbox series

[meta-oe,kirkstone,4/4] jasper: patch CVE-2025-8837

Message ID 20251123174309.2625557-4-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,kirkstone,1/4] jasper: patch CVE-2023-51257 | expand

Commit Message

Gyorgy Sarvari Nov. 23, 2025, 5:43 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8837

Pick the patch that is referenced by the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../jasper/jasper/CVE-2025-8837.patch         | 63 +++++++++++++++++++
 .../recipes-graphics/jasper/jasper_2.0.33.bb  |  1 +
 2 files changed, 64 insertions(+)
 create mode 100644 meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch
new file mode 100644
index 0000000000..7a1eefa6c6
--- /dev/null
+++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch
@@ -0,0 +1,63 @@ 
+From 61c37530a3abcb5db2f7a431e91dbb3531ff1816 Mon Sep 17 00:00:00 2001
+From: Michael Adams <mdadams@ece.uvic.ca>
+Date: Tue, 5 Aug 2025 20:46:48 -0700
+Subject: [PATCH] Fixes #402, #403.
+
+JPEG-2000 (JPC) Decoder:
+- Added the setting of several pointers to null in some cleanup code
+  after the pointed-to memory was freed.  This pointer nulling is not
+  needed normally, but it is needed when certain debugging logs are
+  enabled (so that the debug code understands that the memory associated
+  with the aforementioned pointers has been freed).
+
+CVE: CVE-2025-8837
+Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/libjasper/jpc/jpc_dec.c |  13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c
+index 2553696..c2600c4 100644
+--- a/src/libjasper/jpc/jpc_dec.c
++++ b/src/libjasper/jpc/jpc_dec.c
+@@ -1107,23 +1107,23 @@ static int jpc_dec_tilefini(jpc_dec_t *dec, jpc_dec_tile_t *tile)
+ 
+ 	if (tile->cp) {
+ 		jpc_dec_cp_destroy(tile->cp);
+-		//tile->cp = 0;
++		tile->cp = 0;
+ 	}
+ 	if (tile->tcomps) {
+ 		jas_free(tile->tcomps);
+-		//tile->tcomps = 0;
++		tile->tcomps = 0;
+ 	}
+ 	if (tile->pi) {
+ 		jpc_pi_destroy(tile->pi);
+-		//tile->pi = 0;
++		tile->pi = 0;
+ 	}
+ 	if (tile->pkthdrstream) {
+ 		jas_stream_close(tile->pkthdrstream);
+-		//tile->pkthdrstream = 0;
++		tile->pkthdrstream = 0;
+ 	}
+ 	if (tile->pptstab) {
+ 		jpc_ppxstab_destroy(tile->pptstab);
+-		//tile->pptstab = 0;
++		tile->pptstab = 0;
+ 	}
+ 
+ 	tile->state = JPC_TILE_DONE;
+@@ -2259,6 +2259,9 @@ static int jpc_dec_dump(const jpc_dec_t *dec, FILE *out)
+ 	const jpc_dec_tile_t *tile;
+ 	for (tileno = 0, tile = dec->tiles; tileno < dec->numtiles;
+ 	  ++tileno, ++tile) {
++		if (!tile->tcomps) {
++			continue;
++		}
+ 		assert(!dec->numcomps || tile->tcomps);
+ 		unsigned compno;
+ 		const jpc_dec_tcomp_t *tcomp;
diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
index d78250306b..e972b7b85a 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
@@ -7,6 +7,7 @@  SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=mas
            file://CVE-2023-51257.patch \
            file://CVE-2025-8835.patch \
            file://CVE-2025-8836.patch \
+           file://CVE-2025-8837.patch \
            "
 SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"