mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-05 14:09:53 +03:00
4a944b6a2d
Fixes the following security issues:
CVE-2016-10504: Heap-based buffer overflow vulnerability in the
opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote
attackers to cause a denial of service (application crash) via a crafted bmp
file.
CVE-2016-10505: NULL pointer dereference vulnerabilities in the imagetopnm
function in convert.c, sycc444_to_rgb function in color.c,
color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in
color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of
service (application crash) via crafted j2k files.
CVE-2016-10506: Division-by-zero vulnerabilities in the functions
opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG
before 2.2.0 allow remote attackers to cause a denial of service
(application crash) via crafted j2k files.
CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function
in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a
denial of service (heap-based buffer over-read and application crash) via a
crafted bmp file.
[Peter: extend commit message with security fixes info]
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 37b2fe73cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 lines
115 B
Plaintext
3 lines
115 B
Plaintext
# Locally computed:
|
|
sha256 6fddbce5a618e910e03ad00d66e7fcd09cc6ee307ce69932666d54c73b7c6e7b openjpeg-2.2.0.tar.gz
|