Fork of openjpeg library for JPEG2000 encoding and decoding https://git.carlh.net/cgit/openjpeg/atom?h=v2.3.1 2018-12-14T04:10:35Z 2018-12-14T04:10:35Z Hugo Lefeuvre hle@debian.org 2018-12-14T03:58:40Z urn:sha1:8ee335227bbcaf1614124046aa25e53d67b11ec3 width/length dimensions read from bmp headers are not necessarily valid. For instance they may have been maliciously set to very large values with the intention to cause DoS (large memory allocation, stack overflow). In these cases we want to detect the invalid size as early as possible. This commit introduces a counter which verifies that the number of written bytes corresponds to the advertized width/length. Fixes #1059 (CVE-2018-6616). 2018-11-16T08:42:19Z Even Rouault even.rouault@mines-paris.org 2018-11-16T08:42:19Z urn:sha1:92023cd6c377e0384a7725949b25655d4d94dced jp3d/jpwl convert: fix write stack buffer overflow 2018-11-07T17:53:18Z Hugo Lefeuvre hle@debian.org 2018-11-07T17:48:29Z urn:sha1:cab352e249ed3372dd9355c85e837613fff98fa2 Tile components in a JP2 image might have null data pointer by defining a zero component size (for example using large horizontal or vertical sampling periods). This null data pointer leads to null image component data pointer, causing crash when dereferenced without != null check in imagetopnm. Add != null check. This commit addresses #1152 (CVE-2018-18088). 2018-10-31T19:44:30Z Stefan Weil sw@weilnetz.de 2018-10-31T19:44:30Z urn:sha1:948332e6ed17565100d1df5f6fdbf66865218e36 * Fix some potential overflow issues Put sizeof to the beginning of the multiplication to enforce that size_t instead of smaller integer types is used for the calculation. This fixes warnings from LGTM: Multiplication result may overflow 'unsigned int' before it is converted to 'unsigned long'. It also allows removing some type casts. Signed-off-by: Stefan Weil <sw@weilnetz.de> * Fix code indentation Signed-off-by: Stefan Weil <sw@weilnetz.de> 2018-10-31T15:16:22Z Nikola Forró nforro@redhat.com 2018-10-31T12:39:05Z urn:sha1:943db0f1c28ca6a7df6d18483f97166a03be9bf7 Signed-off-by: Nikola Forró <nforro@redhat.com> 2018-09-22T21:54:12Z Even Rouault even.rouault@mines-paris.org 2018-09-22T21:54:12Z urn:sha1:0e6a5553cfef21b764d289585af2c6934a95456b CVE-2018-5785: fix issues with zero bitmasks 2018-09-22T20:55:33Z Even Rouault even.rouault@mines-paris.org 2018-09-22T20:55:33Z urn:sha1:17bbb0e23ff03bb722914841a9b962b21fe7a310 Fix some typos in code comments and documentation 2018-09-22T18:51:50Z Hugo Lefeuvre hle@debian.org 2018-09-22T18:33:19Z urn:sha1:ca16fe55014c57090dd97369256c7657aeb25975 In the case where a BMP file declares compression 3 (BI_BITFIELDS) with header size <= 56, all bitmask values keep their initialization value 0. This may lead to various undefined behavior later e.g. when doing 1 << (l_comp->prec - 1). This issue does not affect files with bit count 16 because of a check added in 16240e2 which sets default values to the color masks if they are all 0. This commit adds similar checks for the 32 bit case. Also, if a BMP file declares compression 3 with header size >= 56 and intentional 0 bitmasks, the same issue will be triggered in both the 16 and 32 bit count case. This commit adds checks to bmp_read_info_header() rejecting BMP files with "intentional" 0 bitmasks. These checks might be removed in the future when proper handling of zero bitmasks will be available in openjpeg2. fixes #1057 (CVE-2018-5785) 2018-09-05T18:01:10Z Stefan Weil sw@weilnetz.de 2018-07-30T19:04:28Z urn:sha1:3d6ffaf3f3463b62830f88f50a8c1b510f555eb5 All typos were found by Codespell. Signed-off-by: Stefan Weil <sw@weilnetz.de> 2018-08-31T14:24:41Z szukw000 szukw000@arcor.de 2018-08-31T14:24:41Z urn:sha1:98363e244e027c731f73ee8239d3c19451a9153b