Bug 2333954

Summary: heap-buffer-overflow at bin/common/color.c:215:42 in sycc422_to_rgb in openjpeg/opj_decompress
Product: [Fedora] Fedora
Reporter: frankz <289924720>
Component: openjpeg
Assignee: Stewart Smith <trawets>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 41
CC: manisandro, rdieter, sergio, trawets
Keywords: Security
Hardware: All
OS: Linux
URL: https://github.com/uclouvain/openjpeg/issues/1563
Last Closed: 2025-01-09 02:31:26 UTC

Description frankz 2024-12-24 08:38:41 UTC
This bug is triggered when we use opj_decompress with the -r option and its argument set to 2.
Version v2.5.2 also has this vulnerability.

Reproducible: Always

Steps to Reproduce:
git clone https://github.com/uclouvain/openjpeg.git
cd openjpeg
cmake . -DCMAKE_BUILD_TYPE=Debug \
-DCMAKE_C_COMPILER=clang \
-DCMAKE_CXX_COMPILER=clang++ \
-DCMAKE_C_FLAGS="-fsanitize=address" \
-DCMAKE_CXX_FLAGS="-fsanitize=address"
make -j20

./bin/opj_decompress -i poc1openjpeg -o tmp.pnm -r 2



For the PoC file and detailed reproduction process, please see https://github.com/uclouvain/openjpeg/issues/1563

The developers have confirmed and fixed this bug: https://github.com/uclouvain/openjpeg/commit/98592ee6d6904f1b48e8207238779b89a63befa2

Comment 1 frankz 2024-12-24 08:39:12 UTC
Thanks for your time. I would appreciate it if a CVE number could be assigned.

Comment 2 Sergio Basto 2024-12-24 12:28:53 UTC
The updates are already out there:

https://bodhi.fedoraproject.org/updates/?packages=openjpeg

Comment 3 Fedora Update System 2024-12-24 17:44:34 UTC
FEDORA-2024-6e816ca6d9 (openjpeg-2.5.3-2.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-6e816ca6d9

Comment 4 Fedora Update System 2024-12-24 18:44:16 UTC
FEDORA-2024-272544ceb9 (openjpeg2-2.5.3-1.fc40) has been submitted as an update to Fedora 40.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-272544ceb9

Comment 5 Fedora Update System 2024-12-25 02:43:28 UTC
FEDORA-2024-272544ceb9 has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-272544ceb9`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-272544ceb9

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2025-01-09 02:31:26 UTC
FEDORA-2024-272544ceb9 (openjpeg2-2.5.3-1.fc40) has been pushed to the Fedora 40 stable repository.
If the problem still persists, please make note of it in this bug report.
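
A triage check for the builds named in comments 3 and 4, as an added example that is not part of the bug report or of Fedora's tooling: it flags openjpeg packages that predate openjpeg-2.5.3-2.fc41 or openjpeg2-2.5.3-1.fc40. The function names, status labels and sample package list are constructed for illustration, and `sort -V` is assumed to order these plain numeric version-release strings the way RPM would.

```shell
#!/bin/sh
# Added example: compare installed openjpeg builds with the fixed builds
# named in this bug (openjpeg-2.5.3-2.fc41, openjpeg2-2.5.3-1.fc40).

# fixed_vr NAME DIST -> version-release of the fixed build, empty if not listed
fixed_vr() {
    case "$1.$2" in
        openjpeg.fc41)  echo "2.5.3-2" ;;
        openjpeg2.fc40) echo "2.5.3-1" ;;
    esac
}

# check_pkg NAME-VERSION-RELEASE -> FIXED, OUTDATED or UNKNOWN
check_pkg() {
    local nvr="$1" name ver rel dist want lowest
    rel=${nvr##*-};  nvr=${nvr%-*}     # release, e.g. 1.fc40
    ver=${nvr##*-};  name=${nvr%-*}    # version and package name
    dist=${rel##*.}; rel=${rel%.*}     # split the dist tag off the release
    want=$(fixed_vr "$name" "$dist")
    if [ -z "$want" ]; then echo "UNKNOWN"; return 0; fi
    # Assumption: sort -V approximates RPM ordering for these strings.
    lowest=$(printf '%s\n%s\n' "$ver-$rel" "$want" | sort -V | head -n 1)
    # The installed build is at or past the fix when the fixed build sorts first.
    if [ "$lowest" = "$want" ]; then echo "FIXED"; else echo "OUTDATED"; fi
}

# scan: read one NAME-VERSION-RELEASE per line, report openjpeg packages only.
# On a host: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' | scan
scan() {
    local line
    while IFS= read -r line; do
        case "$line" in
            openjpeg-[0-9]*|openjpeg2-[0-9]*)
                echo "$(check_pkg "$line") $line" ;;
        esac
    done
}

# Constructed sample input (not taken from a real host).
SAMPLE='openjpeg2-2.5.2-1.fc40
openjpeg2-2.5.3-1.fc40
openjpeg-2.5.3-2.fc41
zlib-1.3.1-1.fc41'

printf '%s\n' "$SAMPLE" | scan
```

UNKNOWN means the package and release pair is not one of the two builds this bug names, so it needs a separate look.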