Bug 1207473

Summary: Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images
Product: Red Hat Enterprise Linux 7 Reporter: Max Kolasinski <kolasinskim>
Component: openjpegAssignee: Nikola Forró <nforro>
Status: CLOSED ERRATA QA Contact: David Jež <djez>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.2CC: adam, bgilbert, cww, dkutalek, isenfeld, jkejda, mmcallis, mmello, ohudlick, ovasik, pandrade, phracek, rdieter, wburrows
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openjpeg-1.5.1-11.el7 Doc Type: Bug Fix
Doc Text:
Cause: CVE-2013-6045 was fixed in a way that broke decoding of chroma-subsampled images with openjpeg. Consequence: Chroma-subsampled images failed to decode with openjpeg. Fix: Patch for CVE-2013-6045 was altered not to have an impact on decoding of chroma-subsampled images. Result: Chroma-subsampled images can now be successfully decoded with openjpeg.
 Story Points: ---
Clone Of: 1047494 Environment:
Last Closed: 2017-08-01 16:09:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1305230, 1380364, 1393870    

Description Max Kolasinski 2015-03-31 01:30:07 UTC 
+++ This bug was initially created as a clone of Bug #1047494 +++

I am also seeing this bug on RHEL 7.1. I've replaced the version information to reflect the packages available on 7.1.

Description of problem:

openslide-write-png /home/christophe/Documents/Data/SVS/CB/CB2.svs 1000 1000 0 100 100 test.png

(process:12528): Openslide-CRITICAL **: Error decoding tile. Component 1 contains only 32768 blocks while component 0 has 65536 blocks

openslide-write-png: Error decoding tile. Component 1 contains only 32768 blocks while component 0 has 65536 blocks



Version-Release number of selected component (if applicable):

openslide-tools-3.4.0-1.el7.x86_64
openjpeg-libs-1.5.1-10.el7.x86_64

How reproducible:

always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:

Don't seem to be able to downgrade to 1.3 on RHEL7, but according to the cloned ticket  it works as expected on 6 with

openjpeg-libs-1.3-9.el6_3.x86_64


Additional info:

--- Additional comment from Benjamin Gilbert on 2014-01-04 21:58:43 EST ---

Reassigning to openjpeg.

The OpenJPEG patch for CVE-2013-6045 disables decoding of images whose first color component has a higher resolution than subsequent components. This is a legitimate image encoding; consider, for example, YCbCr images with chroma subsampling.  This change is preventing OpenSlide from decoding certain Aperio slide files (example slide at [1]).

For example, consider p0_06.j2k from the OpenJPEG test suite [2].  With 1.3-9.el6_3:

$ j2k_to_image -i p0_06.j2k -o out.ppm

[INFO] tile 1 of 1
[INFO] - tiers-1 took 0.020997 s
[INFO] - dwt took 0.002000 s
[INFO] - tile decoded in 0.027995 s
PNM CONVERSION: Truncating component 0 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 1 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 2 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 3 from 12 bits to 8 bits
Generated Outfile out.ppm

With 1.3-10.el6_5, the same command produces:

[INFO] tile 1 of 1
[ERROR] Error decoding tile. Component 1 contains only 33153 blocks while component 0 has 66177 blocks
ERROR -> j2k_to_image: failed to decode image!


[1]: http://openslide.cs.cmu.edu/download/openslide-testdata/Aperio/JP2K-33003-1.svs
[2]: http://openjpeg.googlecode.com/svn/data/input/conformance/p0_06.j2k

--- Additional comment from Murray McAllister on 2014-01-17 22:54:02 EST ---

The Debian bug has an ongoing discussion about this issue:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734238

--- Additional comment from Murray McAllister on 2014-01-17 23:02:02 EST ---

(In reply to Murray McAllister from comment #3)
> The Debian bug has an ongoing discussion about this issue:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734238

I missed the "See Also". Sorry for the noise/duplicate

--- Additional comment from Benjamin Gilbert on 2014-04-26 23:28:33 EDT ---

Debian has released updated packages that fix this problem:

https://lists.debian.org/debian-security-announce/2014/msg00090.html

The corrected patch is in the Debian bug.

--- Additional comment from errata-xmlrpc on 2014-12-17 04:26:57 EST ---

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2014-2001.html
Comment 10 errata-xmlrpc 2017-08-01 16:09:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1870