Bug 2333951

Summary: heap-buffer-overflow at lib/openjp2/j2k.c:8460:84 in opj_j2k_add_tlmarker in openjpeg/opj_decompress
Product: [Fedora] Fedora
Component: openjpeg
Version: 41
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: unspecified
Keywords: Security, VerifiedOnDev
Reporter: frankz <289924720>
Assignee: Stewart Smith <trawets>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: manisandro, rdieter, sergio, trawets
URL: https://github.com/uclouvain/openjpeg/issues/1564
Last Closed: 2025-01-09 02:31:23 UTC

Description frankz 2024-12-24 07:58:41 UTC
This bug is triggered when we use opj_decompress with the -t option and its argument set to 1.
Version v2.5.2 also has this vulnerability.

Reproducible: Always

Steps to Reproduce:
git clone https://github.com/uclouvain/openjpeg.git
cd openjpeg
cmake . -DCMAKE_BUILD_TYPE=Debug \
-DCMAKE_C_COMPILER=clang \
-DCMAKE_CXX_COMPILER=clang++ \
-DCMAKE_C_FLAGS="-fsanitize=address" \
-DCMAKE_CXX_FLAGS="-fsanitize=address"
make -j20

./bin/opj_decompress -i poc2openjpeg -o tmp.pnm -t 1

For the poc file and detailed reproduction process, please see: https://github.com/uclouvain/openjpeg/issues/1564

The developers have confirmed and fixed this bug: https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8

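The reproduction steps above can be turned into a before/after check for the fix commit. The script below is an added example (not the reporter's or the OpenJPEG project's own code): it rebuilds a checkout with clang and AddressSanitizer exactly as the report does, runs opj_decompress with -t 1 on a PoC file you supply, and reports "vulnerable" only if the ASan log shows a heap-buffer-overflow with opj_j2k_add_tlmarker in the stack, the signature given in this report. The source directory and PoC path are arguments and assumptions; clang, cmake and make are assumed to be installed. The PoC itself is not reproduced here; take it from the linked upstream issue.

```shell
#!/bin/sh
# Added example, not part of the bug report or the OpenJPEG project.
# Usage: sh check_tlm_overflow.sh /path/to/openjpeg /path/to/poc2openjpeg
# Run it once at the parent of the fix commit and once at the fix to confirm
# the crash signature disappears.

# asan_hit LOGFILE
# Returns 0 when LOGFILE contains the crash signature from this report:
# an ASan heap-buffer-overflow with opj_j2k_add_tlmarker in the trace.
asan_hit() {
    grep -q 'AddressSanitizer: heap-buffer-overflow' "$1" &&
    grep -q 'opj_j2k_add_tlmarker' "$1"
}

# build_asan SRCDIR
# Configure and build with clang + ASan, the same flags the reporter used.
build_asan() {
    ( cd "$1" &&
      cmake . -DCMAKE_BUILD_TYPE=Debug \
        -DCMAKE_C_COMPILER=clang \
        -DCMAKE_CXX_COMPILER=clang++ \
        -DCMAKE_C_FLAGS="-fsanitize=address" \
        -DCMAKE_CXX_FLAGS="-fsanitize=address" >/dev/null &&
      make -j"$(nproc 2>/dev/null || echo 4)" >/dev/null )
}

# check_poc SRCDIR POCFILE
# Decode tile 1 of POCFILE with the ASan build. ASan writes its report to
# stderr and aborts, so capture stderr and classify it with asan_hit.
# Prints "vulnerable" (returns 0) or "fixed" (returns 1).
check_poc() {
    tmpd=$(mktemp -d)
    ASAN_OPTIONS=halt_on_error=1 \
        "$1/bin/opj_decompress" -i "$2" -o "$tmpd/out.pnm" -t 1 \
        >/dev/null 2>"$tmpd/asan.log"
    if asan_hit "$tmpd/asan.log"; then
        echo vulnerable
        rc=0
    else
        echo fixed
        rc=1
    fi
    rm -rf "$tmpd"
    return $rc
}

# Entry point: only runs when a source dir and a PoC path are given.
if [ "$#" -ge 2 ]; then
    build_asan "$1" && check_poc "$1" "$2"
fi
```

The classification deliberately requires both strings: an ASan report with a different error type or a crash in a different function means a different bug, not a confirmation that this one still reproduces.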
Comment 1 frankz 2024-12-24 08:09:56 UTC
Thanks for your time. I would appreciate it if a CVE number could be assigned.

Comment 2 Fedora Update System 2024-12-24 18:44:14 UTC
FEDORA-2024-272544ceb9 (openjpeg2-2.5.3-1.fc40) has been submitted as an update to Fedora 40.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-272544ceb9

Comment 3 Fedora Update System 2024-12-25 02:43:25 UTC
FEDORA-2024-272544ceb9 has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-272544ceb9`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-272544ceb9

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Fedora Update System 2025-01-09 02:31:23 UTC
FEDORA-2024-272544ceb9 (openjpeg2-2.5.3-1.fc40) has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.