godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-06 18:09:44 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
950cbfaa8ae3df19b06104ba9d97aa3ffdc038b9
buildroot/package/openjpeg
History
Fabrice Fontaine ef7af0cae7 package/openjpeg: fix CVE-2020-15389 
Fix CVE-2020-15389: jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a
use-after-free that can be triggered if there is a mix of valid and
invalid files in a directory operated on by the decompressor. Triggering
a double-free may also be possible. This is related to calling
opj_image_destroy twice.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b006cc373f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-08-29 20:21:38 +02:00
..
0001-thirdparty-tiff-append-flags-found-by-pkg-config-if-.patch
0002-thirdparty-lcms2-append-flags-found-by-pkg-config-if.patch
0003-CMakeLists.txt-Don-t-require-a-C-compiler.patch
0004-convertbmp-detect-invalid-file-dimensions-early.patch
0005-bmp_read_rle4_data-avoid-potential-infinite-loop.patch
0006-opj_j2k_update_image_dimensions-reject-images-whose-coordinates.patch
0007-opj_tcd_init_tile-avoid-integer-overflow.patch
0008-opj_decompress-fix-double-free-on-input-directory-with-mix-of-valid.patch
Config.in
openjpeg.hash
openjpeg.mk