This bug is triggered when we use opj_decompress with the -t option and its argument set to 1. Version v2.5.2 also has this vulnerability.

Reproducible: Always

Steps to Reproduce:

    git clone https://github.com/uclouvain/openjpeg.git
    cd openjpeg
    cmake . -DCMAKE_BUILD_TYPE=Debug \
        -DCMAKE_C_COMPILER=clang \
        -DCMAKE_CXX_COMPILER=clang++ \
        -DCMAKE_C_FLAGS="-fsanitize=address" \
        -DCMAKE_CXX_FLAGS="-fsanitize=address"
    make -j20
    ./bin/opj_decompress -i poc2openjpeg -o tmp.pnm -t 1

For the PoC file and the detailed reproduction process, please see: https://github.com/uclouvain/openjpeg/issues/1564

The developers have confirmed and fixed this bug: https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
Thanks for your time. I would appreciate it if a CVE number could be assigned.
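The report above exercises a single tile index (-t 1) by hand. The harness below is an added example, not part of the reporter's comment or of the OpenJPEG project: it runs the ASan-instrumented opj_decompress built by the steps above over a range of tile indices of the PoC file and classifies each run as clean, sanitizer report, or ordinary decode failure, which is the check a packager would run against both the 2.5.2 build and the patched one. The environment variables OPJ_DECOMPRESS, POC and MAX_TILE, the default tile range, and the helper names are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the bug report or the OpenJPEG project):
# run an ASan build of opj_decompress over every tile index 0..MAX_TILE
# of a PoC file and report which invocations trigger AddressSanitizer.
#
# Assumed inputs (not from the page):
#   OPJ_DECOMPRESS  path to the ASan-instrumented binary (default ./bin/opj_decompress)
#   POC             path to the PoC file (default poc2openjpeg)
#   MAX_TILE        highest tile index to try (default 3)

OPJ_DECOMPRESS="${OPJ_DECOMPRESS:-./bin/opj_decompress}"
POC="${POC:-poc2openjpeg}"
MAX_TILE="${MAX_TILE:-3}"

# Classify captured stderr text: "asan" if AddressSanitizer printed a
# report, otherwise "clean". Any other decode error is handled by the
# caller via the exit status, so a plain decode failure stays "clean" here.
classify_stderr() {
    case "$1" in
        *AddressSanitizer:*) echo asan ;;
        *) echo clean ;;
    esac
}

# Decode tile $1 of $POC once; print "tile N: asan|clean|error(rc)".
# halt_on_error=1 makes ASan stop at the first finding so the report is
# complete and the exit status reflects it.
run_tile() {
    tile="$1"
    out="$(mktemp)"
    # stderr is captured for classification; the decoded image goes to a
    # temporary file and stdout is discarded.
    err="$(ASAN_OPTIONS=halt_on_error=1 "$OPJ_DECOMPRESS" \
            -i "$POC" -o "$out.pnm" -t "$tile" 2>&1 >/dev/null)"
    rc=$?
    rm -f "$out" "$out.pnm"
    verdict="$(classify_stderr "$err")"
    if [ "$verdict" = clean ] && [ "$rc" -ne 0 ]; then
        verdict="error($rc)"
    fi
    echo "tile $tile: $verdict"
}

# Sweep all tile indices; exit non-zero if any run produced an ASan report,
# so the script can be used as a regression gate for the fixed build.
main() {
    failed=0
    i=0
    while [ "$i" -le "$MAX_TILE" ]; do
        line="$(run_tile "$i")"
        echo "$line"
        case "$line" in *": asan") failed=1 ;; esac
        i=$((i + 1))
    done
    return "$failed"
}

# Only sweep when the binary is actually present (e.g. after the build
# steps in the report); otherwise the functions are just defined.
if [ -x "$OPJ_DECOMPRESS" ]; then
    main
fi
```

Against the unfixed tree the sweep is expected to print a sanitizer verdict for at least tile 1, as the report describes; against a build containing the referenced fix commit every tile should come back clean or, for tile indices the file does not contain, as an ordinary decode error rather than a sanitizer report.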
FEDORA-2024-272544ceb9 (openjpeg2-2.5.3-1.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-272544ceb9
FEDORA-2024-272544ceb9 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-272544ceb9` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-272544ceb9 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-272544ceb9 (openjpeg2-2.5.3-1.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.