diff --git a/CVE-2021-27845.patch b/CVE-2021-27845.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b40829b652ba4831b66259e83ffd17f4c17d7cff
--- /dev/null
+++ b/CVE-2021-27845.patch
@@ -0,0 +1,26 @@
+From fd564ee3377d9fc2484c657e4f464a3fb9764d31 Mon Sep 17 00:00:00 2001
+From: Max Kellermann
+Date: Mon, 29 Jun 2020 13:47:09 +0200
+Subject: [PATCH] jpc_enc: validate raw_size, prevent division by zero in
+ cp_create()
+
+Closes https://github.com/mdadams/jasper/issues/194 (part 1)
+---
+ src/libjasper/jpc/jpc_enc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
+index d60a4471..3b6b1e81 100644
+--- a/src/libjasper/jpc/jpc_enc.c
++++ b/src/libjasper/jpc/jpc_enc.c
+@@ -428,6 +428,10 @@ static jpc_enc_cp_t *cp_create(const char *optstr, jas_image_t *image)
+ }
+
+ cp->rawsize = jas_image_rawsize(image);
++ if (cp->rawsize == 0) {
++ /* prevent division by zero in cp_create() */
++ goto error;
++ }
+ cp->totalsize = UINT_FAST32_MAX;
+
+ tcp = &cp->tcp;
diff --git a/jasper.spec b/jasper.spec
index d92255b08eeb57b9371290c8f56d1ef52b94f1df..5e6c45519dfa878950f9aecfbd86cec98d92d18e 100644
--- a/jasper.spec
+++ b/jasper.spec
@@ -1,6 +1,6 @@
 Name: jasper
 Version: 2.0.14
-Release: 9
+Release: 10
 Summary: Reference implementation of the codec specified in the JPEG-2000 standard, Part 1
 License: JasPer
 URL: http://www.ece.uvic.ca/~frodo/jasper/
@@ -18,6 +18,7 @@ Patch0009: CVE-2018-19540.patch
 Patch0010: CVE-2018-19541.patch
 Patch0011: CVE-2018-20570.patch
 Patch0012: CVE-2018-20622.patch
+Patch0013: CVE-2021-27845.patch
 BuildRequires: cmake freeglut-devel libGLU-devel libjpeg-devel libXmu-devel libXi-devel
 BuildRequires: pkgconfig doxygen mesa-libGL-devel
@@ -97,6 +98,9 @@ make test -C builder
 %doc README
 %changelog
+* Wed Sep 8 2021 liwu - 2.0.14-10
+- fix CVE-2021-27845
+
 * Wed Sep 16 2020 wutao - 2.0.14-9
 - fix folllowing CVE in this revision
 CVE-2018-18873
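Review bot: The carried patch's subject line ends in "(part 1)" for upstream issue 194, yet CVE-2021-27845.patch contains only this single guard in cp_create(), so it should be confirmed against upstream whether a follow-up commit is also needed before the changelog records the CVE as fixed. Within the embedded hunk, the comment `/* prevent division by zero in cp_create() */` sits inside cp_create() itself and does not say where the divisor is used; the division and the `error` label are both outside the hunk, so wording such as `/* rawsize is presumably used as a divisor further down; reject an image whose raw size is zero */` would be easier to audit. The `goto error` path also fails without a diagnostic, which makes a rejected input hard to tell apart from other failures in cp_create(); a `jas_eprintf("image has zero raw size\n");` before the jump would help, if diverging from the upstream patch text is acceptable for this package.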