636f201062
Fix CVE-2021-29338: Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files. Fix CVE-2022-1122: A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. Drop patches (already in version) https://github.com/uclouvain/openjpeg/blob/v2.5.0/NEWS.md Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 lines
198 B
Plaintext
4 lines
198 B
Plaintext
# Locally computed:
|
|
sha256 0333806d6adecc6f7a91243b2b839ff4d2053823634d4f6ed7a59bc87409122a openjpeg-2.5.0.tar.gz
|
|
sha256 a6af136f3e15038a666b61f376612a07d9a4e48cb7c01adbf3e33b3f14ab49b6 LICENSE
|