Bug 27842 - jasper new security issue CVE-2020-27828
Summary: jasper new security issue CVE-2020-27828
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-12-16 01:03 CET by David Walser
Modified: 2020-12-17 14:12 CET (History)
4 users (show)

See Also:
Source RPM: jasper-2.0.19-1.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2020-12-16 01:03:02 CET 
David Geiger fixed a CVE in jasper in Cauldron, but forgot to file a bug.

Fixed upstream in 2.0.23:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27828
Comment 1 David GEIGER 2020-12-16 10:38:28 CET 
Done for mga7!
Comment 2 David Walser 2020-12-16 15:12:16 CET 
Advisory:
========================

Updated jasper packages fix security vulnerability:

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted
input provided to jasper by an attacker could cause an arbitrary out-of-bounds
write. This could potentially affect data confidentiality, integrity, or
application availability (CVE-2020-27828).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27828
https://github.com/jasper-software/jasper/releases/tag/version-2.0.23
========================

Updated packages in core/updates_testing:
========================
jasper-2.0.23-1.mga7
libjasper4-2.0.23-1.mga7
libjasper-devel-2.0.23-1.mga7

from jasper-2.0.23-1.mga7.src.rpm

Assignee: geiger.david68210 => qa-bugs
CC: (none) => geiger.david68210

Comment 3 Len Lawrence 2020-12-16 17:25:55 CET 
mga7, x64

CVE-2020-27828
https://github.com/jasper-software/jasper/issues/252
$ jasper --input sample.pgx --output out2 --output-format jpc -O numrlvls=40
invalid number of guard bits
munmap_chunk(): invalid pointer
Aborted (core dumped)

Updated the three packages.
$ jasper --input sample.pgx --output out2 --output-format jpc -O numrlvls=40
number of resolution levels exceeds maximum 33
invalid JP encoder options
jpc_encode failed
error: cannot encode image

Patched OK.

Ran some tests used earlier.
$ jasper --input ht2jk.jpg --output-format jp2 --output riverpan.jp2
$ ll riverpan.jp2 
-rw-r--r-- 1 lcl lcl 1570642 Dec 16  2020 riverpan.jp2
Looks fine  using 'display'.
$ imginfo -f riverpan.jp2
jp2 3 2816 558 8 4713984

$ jasper -f sail.j2k -F sail.bmp -T bmp
$ display sail.bmp
That looks fine.
$ imginfo -f sail.bmp
THE BMP FORMAT IS NOT FULLY SUPPORTED!
THAT IS, THE JASPER SOFTWARE CANNOT DECODE ALL TYPES OF BMP DATA.
IF YOU HAVE ANY PROBLEMS, PLEASE TRY CONVERTING YOUR IMAGE DATA
TO THE PNM FORMAT, AND USING THIS FORMAT INSTEAD.
bmp 3 640 480 8 921600
$ imginfo -f sail.ppm
pnm 3 640 480 8 921600

Reckon this is good enough.

CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK

Comment 4 Aurelien Oudelet 2020-12-17 10:41:18 CET 
Validating.
Advisory pushed to SVN.

CC: (none) => ouaurelien, sysadmin-bugs
Keywords: (none) => advisory, validated_update

Comment 5 Mageia Robot 2020-12-17 14:12:20 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0463.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.