Bug 1047494 - Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images [NEEDINFO]
Summary: Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openjpeg
Version: 6.5
Hardware: x86_64
OS: Linux
medium
high
Target Milestone: rc
: ---
Assignee: Petr Hracek
QA Contact: Filip Holec
URL:
Whiteboard:
Depends On:
Blocks: 994246 1075802 1159820 1159926
TreeView+ depends on / blocked
 
Reported: 2013-12-31 11:17 UTC by Olle Eriksson
Modified: 2019-02-15 13:36 UTC (History)
11 users (show)

Fixed In Version: openjpeg-1.3-11.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1207473 (view as bug list)
Environment:
Last Closed: 2014-12-17 09:26:57 UTC
phracek: needinfo? (mmello)


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:2001 normal SHIPPED_LIVE openjpeg bug fix update 2014-12-17 14:26:35 UTC
Debian BTS 734238 None None None Never

Description Olle Eriksson 2013-12-31 11:17:47 UTC
Description of problem:

openslide-write-png /home/christophe/Documents/Data/SVS/CB/CB2.svs 1000 1000 0 100 100 test.png

(process:12528): Openslide-CRITICAL **: Error decoding tile. Component 1 contains only 32768 blocks while component 0 has 65536 blocks

openslide-write-png: Error decoding tile. Component 1 contains only 32768 blocks while component 0 has 65536 blocks



Version-Release number of selected component (if applicable):

openslide-tools-3.2.6-1.el6.x86_64
openjpeg-libs-1.3-10.el6_5.x86_64

How reproducible:

always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:

works as expected with

openjpeg-libs-1.3-9.el6_3.x86_64


Additional info:

Comment 1 Benjamin Gilbert 2014-01-05 02:58:43 UTC
Reassigning to openjpeg.

The OpenJPEG patch for CVE-2013-6045 disables decoding of images whose first color component has a higher resolution than subsequent components. This is a legitimate image encoding; consider, for example, YCbCr images with chroma subsampling.  This change is preventing OpenSlide from decoding certain Aperio slide files (example slide at [1]).

For example, consider p0_06.j2k from the OpenJPEG test suite [2].  With 1.3-9.el6_3:

$ j2k_to_image -i p0_06.j2k -o out.ppm

[INFO] tile 1 of 1
[INFO] - tiers-1 took 0.020997 s
[INFO] - dwt took 0.002000 s
[INFO] - tile decoded in 0.027995 s
PNM CONVERSION: Truncating component 0 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 1 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 2 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 3 from 12 bits to 8 bits
Generated Outfile out.ppm

With 1.3-10.el6_5, the same command produces:

[INFO] tile 1 of 1
[ERROR] Error decoding tile. Component 1 contains only 33153 blocks while component 0 has 66177 blocks
ERROR -> j2k_to_image: failed to decode image!


[1]: http://openslide.cs.cmu.edu/download/openslide-testdata/Aperio/JP2K-33003-1.svs
[2]: http://openjpeg.googlecode.com/svn/data/input/conformance/p0_06.j2k

Comment 3 Murray McAllister 2014-01-18 03:54:02 UTC
The Debian bug has an ongoing discussion about this issue:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734238

Comment 4 Murray McAllister 2014-01-18 04:02:02 UTC
(In reply to Murray McAllister from comment #3)
> The Debian bug has an ongoing discussion about this issue:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734238

I missed the "See Also". Sorry for the noise/duplicate

Comment 5 Benjamin Gilbert 2014-04-27 03:28:33 UTC
Debian has released updated packages that fix this problem:

https://lists.debian.org/debian-security-announce/2014/msg00090.html

The corrected patch is in the Debian bug.

Comment 14 errata-xmlrpc 2014-12-17 09:26:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2014-2001.html


Note You need to log in before you can comment on or make changes to this bug.