Google Git
Sign in
android-kvm / buildroot / ef7af0cae7c51048d721feac7852c9b3a7104c12
commitef7af0cae7c51048d721feac7852c9b3a7104c12[log] [tgz]
authorFabrice Fontaine <fontaine.fabrice@gmail.com>Thu Aug 27 22:40:12 2020 +0200
committerPeter Korsgaard <peter@korsgaard.com>Sat Aug 29 20:21:38 2020 +0200
tree701c25f64aca35fe8454321bdfc30fcad1a5dbf1
parent658826e13d79bf78eeb22575241a82f83099d852 [diff]
package/openjpeg: fix CVE-2020-15389

Fix CVE-2020-15389: jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a
use-after-free that can be triggered if there is a mix of valid and
invalid files in a directory operated on by the decompressor. Triggering
a double-free may also be possible. This is related to calling
opj_image_destroy twice.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b006cc373f96ec86c027779e113c8f70bc40d1c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
1 file changed
tree: 701c25f64aca35fe8454321bdfc30fcad1a5dbf1
  1. arch/
  2. board/
  3. boot/
  4. configs/
  5. docs/
  6. fs/
  7. linux/
  8. package/
  9. support/
  10. system/
  11. toolchain/
  12. utils/
  13. .defconfig
  14. .flake8
  15. .gitignore
  16. .gitlab-ci.yml
  17. .gitlab-ci.yml.in
  18. CHANGES
  19. Config.in
  20. Config.in.legacy
  21. COPYING
  22. DEVELOPERS
  23. Makefile
  24. Makefile.legacy
  25. README