This bug is triggered when we use opj_decompress with the -r option and its argument set to 2. Version v2.5.2 also has this vulnerability.

Reproducible: Always

Steps to Reproduce:
git clone https://github.com/uclouvain/openjpeg.git
cd openjpeg
cmake . -DCMAKE_BUILD_TYPE=Debug \
  -DCMAKE_C_COMPILER=clang \
  -DCMAKE_CXX_COMPILER=clang++ \
  -DCMAKE_C_FLAGS="-fsanitize=address" \
  -DCMAKE_CXX_FLAGS="-fsanitize=address"
make -j20
./bin/opj_decompress -i poc1openjpeg -o tmp.pnm -r 2

For the poc file and detailed reproduction process, please see https://github.com/uclouvain/openjpeg/issues/1563

The developers have confirmed and fixed this bug: https://github.com/uclouvain/openjpeg/commit/98592ee6d6904f1b48e8207238779b89a63befa2
Thanks for your time. I would appreciate it if a CVE number could be assigned.
The updates are already out there: https://bodhi.fedoraproject.org/updates/?packages=openjpeg
FEDORA-2024-6e816ca6d9 (openjpeg-2.5.3-2.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-6e816ca6d9
FEDORA-2024-272544ceb9 (openjpeg2-2.5.3-1.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-272544ceb9
FEDORA-2024-272544ceb9 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-272544ceb9` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-272544ceb9 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-272544ceb9 (openjpeg2-2.5.3-1.fc40) has been pushed to the Fedora 40 stable repository. If the problem still persists, please make note of it in this bug report.