[meta-oe,07/13] openjpeg: patch CVE-2023-39327

Message ID	20260223191850.1049304-7-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.54, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 07/13] openjpeg: patch CVE-2023-39327 Date: Mon, 23 Feb 2026 20:18:44 +0100 Message-ID: <20260223191850.1049304-7-skandigraun@gmail.com> In-Reply-To: <20260223191850.1049304-1-skandigraun@gmail.com> References: <20260223191850.1049304-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,01/13] freerdp: patch CVE-2026-22852 \| expand [meta-oe,01/13] freerdp: patch CVE-2026-22852 [meta-oe,02/13] freerdp: ignore CVE-2026-22853 [meta-gnome,03/13] gimp: ignore already fixed CVEs [meta-gnome,04/13] gnome-shell: ignore CVE-2021-3982 [meta-oe,05/13] libcdio: mark CVE-2024-36600 fixed [meta-multimedia,06/13] minidlna: ignore CVE-2024-51442 [meta-oe,07/13] openjpeg: patch CVE-2023-39327 [meta-oe,08/13] polkit: add info about CVE-2016-2568 [meta-oe,09/13] protobuf: ignore CVE-2026-0994 [meta-oe,10/13] live555: upgrade 20210824 -> 20260112 [meta-python,11/13] python3-pillow: upgrade 12.1.0 -> 12.1.1 [meta-python,12/13] python3-werkzeug: upgrade 3.1.5 -> 3.1.6 [meta-webserver,13/13] webmin: patch CVE-2025-67738

Message ID

20260223191850.1049304-7-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 07/13] openjpeg: patch CVE-2023-39327
Date: Mon, 23 Feb 2026 20:18:44 +0100
Message-ID: <20260223191850.1049304-7-skandigraun@gmail.com>
In-Reply-To: <20260223191850.1049304-1-skandigraun@gmail.com>
References: <20260223191850.1049304-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,01/13] freerdp: patch CVE-2026-22852 | expand

Commit Message

Gyorgy Sarvari Feb. 23, 2026, 7:18 p.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327

Take the patch that is used by OpenSUSE to mitigate this vulnerability.
Upstream seems to be unresponsive to this issue.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../openjpeg/openjpeg/CVE-2023-39327.patch    | 50 +++++++++++++++++++
 .../openjpeg/openjpeg_2.5.4.bb                |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch

diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch
new file mode 100644
index 0000000000..05e504a18e
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch
@@ -0,0 +1,50 @@ 
+From a3504b2484cf7443c547037511c40f59aff8ae5a Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Mon, 23 Feb 2026 17:22:18 +0100
+Subject: [PATCH] CVE-2023-39327
+
+This patch fixes CVE-2023-39327.
+
+This patch comes from OpenSuse:
+https://build.opensuse.org/projects/openSUSE:Factory/packages/openjpeg2/files/openjpeg2-cve-2023-39327-limit-iterations.patch
+
+Upstream seems to unresponsive to this vulnerability.
+
+Upstream-Status: Inactive-Upstream [inactive, when it comes to CVEs]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/lib/openjp2/t2.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
+index 4e8cf601..ad39cd74 100644
+--- a/src/lib/openjp2/t2.c
++++ b/src/lib/openjp2/t2.c
+@@ -441,6 +441,8 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
+          * and no l_img_comp->resno_decoded are computed
+          */
+         OPJ_BOOL* first_pass_failed = NULL;
++        OPJ_UINT32 l_packet_count = 0;
++        OPJ_UINT32 l_max_packets = 100000;
+ 
+         if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) {
+             /* TODO ADE : add an error */
+@@ -457,6 +459,17 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
+ 
+         while (opj_pi_next(l_current_pi)) {
+             OPJ_BOOL skip_packet = OPJ_FALSE;
++            
++            /* CVE-2023-39327: Check for excessive packet iterations */
++            if (++l_packet_count > l_max_packets) {
++                opj_event_msg(p_manager, EVT_ERROR,
++                              "Excessive packet iterations detected (>%u). Possible malformed stream.\n",
++                              l_max_packets);
++                opj_pi_destroy(l_pi, l_nb_pocs);
++                opj_free(first_pass_failed);
++                return OPJ_FALSE;
++            }
++            
+             JAS_FPRINTF(stderr,
+                         "packet offset=00000166 prg=%d cmptno=%02d rlvlno=%02d prcno=%03d lyrno=%02d\n\n",
+                         l_current_pi->poc.prg1, l_current_pi->compno, l_current_pi->resno,
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
index 6d7d87f5f1..33dc48b2ea 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
@@ -7,6 +7,7 @@  DEPENDS = "libpng tiff lcms zlib"
 
 SRC_URI = "git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \
            file://0001-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
+           file://CVE-2023-39327.patch \
            "
 SRCREV = "6c4a29b00211eb0430fa0e5e890f1ce5c80f409f"

[meta-oe,07/13] openjpeg: patch CVE-2023-39327

Commit Message

Patch