From f39af9375bb098953d0fff77efa0cdc25853dc6a Mon Sep 17 00:00:00 2001
From: liweigang
Date: Thu, 7 Aug 2025 16:25:43 +0800
Subject: [PATCH] fix CVE-2025-54874
---
 backport-CVE-2025-54874.patch | 37 +++++++++++++++++++++++++++++++++++
 openjpeg2.spec | 9 ++++++++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-54874.patch
diff --git a/backport-CVE-2025-54874.patch b/backport-CVE-2025-54874.patch
new file mode 100644
index 0000000..712a581
--- /dev/null
+++ b/backport-CVE-2025-54874.patch
@@ -0,0 +1,37 @@
+From f809b80c67717c152a5ad30bf06774f00da4fd2d Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen
+Date: Thu, 16 Jan 2025 02:13:43 +0100
+Subject: [PATCH] opj_jp2_read_header: Check for error after parsing header.
+
+Consider the case where the caller has not set the p_image
+pointer to NULL before calling opj_read_header().
+
+If opj_j2k_read_header_procedure() fails while obtaining the rest
+of the marker segment when calling opj_stream_read_data() because
+the data stream is too short, then opj_j2k_read_header() will
+never have the chance to initialize p_image, leaving it
+uninitialized.
+
+opj_jp2_read_header() will check the p_image value whether
+opj_j2k_read_header() suceeded or failed. This may be detected as
+an error in valgrind or ASAN.
+
+The fix is to check whether opj_j2k_read_header() suceeded before
+using the output argument p_image.
+---
+ src/lib/openjp2/jp2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c
+index 4df055a54..da5063186 100644
+--- a/src/lib/openjp2/jp2.c
++++ b/src/lib/openjp2/jp2.c
+@@ -2873,7 +2873,7 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream,
+ p_image,
+ p_manager);
+
+- if (p_image && *p_image) {
++ if (ret && p_image && *p_image) {
+ /* Set Image Color Space */
+ if (jp2->enumcs == 16) {
+ (*p_image)->color_space = OPJ_CLRSPC_SRGB;
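Review bot: The new guard `if (ret && p_image && *p_image)` relies on `ret` holding the result of the `opj_j2k_read_header(...)` call whose opening lines fall before the nested hunk; only the trailing arguments `p_image, p_manager);` are visible, so the assignment into `ret` should be confirmed in the 2.5.0 tree when the backport is applied, and the enclosing opj_jp2_read_header starts and ends outside the hunk. The guard stops the library from reading `*p_image` after a failed header parse, but `*p_image` is still not written on that path, so a caller that left its pointer uninitialised, as the nested commit message describes, still holds an indeterminate value after a failed opj_read_header(). A short comment above the condition, `/* p_image is only meaningful when the J2K header parse succeeded */`, would record why the `ret` check has to come before the pointer checks.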
diff --git a/openjpeg2.spec b/openjpeg2.spec index 0d95b7c..8c98e2f 100644 --- a/openjpeg2.spec +++ b/openjpeg2.spec @@ -2,7 +2,7 @@ Name: openjpeg2 Version: 2.5.0 -Release: 7 +Release: 8 Summary: C-Library for JPEG 2000 License: BSD and MIT URL: https://github.com/uclouvain/openjpeg @@ -13,6 +13,7 @@ Patch1: backport-CVE-2023-39328.patch Patch2: backport-CVE-2021-3575.patch Patch3: backport-CVE-2024-56826.patch Patch4: backport-CVE-2024-56827.patch +Patch5: backport-CVE-2025-54874.patch BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel BuildRequires: jbigkit-devel libjpeg-turbo-devel @@ -103,6 +104,12 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump. %{_bindir}/opj2_dump %changelog +* Thu Aug 07 2025 liweigang - 2.5.0-8 +- Type: CVE +- CVE: CVE-2025-54874 +- SUG: NA +- DESC: fix CVE-2025-54874 + * Tue Jan 7 2025 changtao - 2.5.0-7 - Type: CVE - CVE: CVE-2024-56827 -- Gitee
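Review bot: The second hunk declares `Patch5: backport-CVE-2025-54874.patch` but nothing in the visible hunks applies it; unless `%prep` uses `%autosetup`, which applies every declared Patch, a matching `%patch -P5 -p1` line is needed, and the `%prep` section lies outside these hunks so it cannot be confirmed here. The diffstat of 45 insertions and 1 deletion is fully accounted for by the new patch file, the Patch5 line, the Release bump and the changelog entry, so no `%prep` change is part of this commit. The changelog entry in the third hunk is consistent with the Release bump to 8 in the first hunk.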