Fedora has issued an advisory on September 12: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DLYNZDATEV2SVZGDDZDHN7AVYKTNQLDA/ It's not clear if versions older than 3.0.x are affected.
(In reply to David Walser from comment #0)
> Fedora has issued an advisory on September 12:
> https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DLYNZDATEV2SVZGDDZDHN7AVYKTNQLDA/
>
> It's not clear if versions older than 3.0.x are affected.

Assigning to the registered maintainer
Assignee: bugsquad => mageia
CC: (none) => marja11
openSUSE has issued an advisory for this on October 20:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AJX2RAKJDKVPUGJDMIPOC5U4GLJOZOSU/

2.0.x is affected.
Whiteboard: (none) => MGA8TOO
Summary: jasper possible new security issue CVE-2022-2963 => jasper new security issue CVE-2022-2963
Status comment: (none) => Patch available from openSUSE
Hi,

For Cauldron, jasper-3.0.6-1.mga9 solves that issue.

Best regards,

Nico.
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Suggested advisory:
========================

The updated packages fix a security vulnerability:

A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. (CVE-2022-2963)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2963
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DLYNZDATEV2SVZGDDZDHN7AVYKTNQLDA/
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AJX2RAKJDKVPUGJDMIPOC5U4GLJOZOSU/
========================

Updated packages in core/updates_testing:
========================
jasper-2.0.27-1.1.mga8
lib(64)jasper4-2.0.27-1.1.mga8
lib(64)jasper-devel-2.0.27-1.1.mga8

from SRPM:
jasper-2.0.27-1.1.mga8.src.rpm
Assignee: mageia => qa-bugs
Status: NEW => ASSIGNED
Source RPM: jasper-2.0.33-1.mga9.src.rpm => jasper-2.0.27-1.mga8.src.rpm
Status comment: Patch available from openSUSE => (none)
CVE: (none) => CVE-2022-2963
mga8, x64

CVE-2022-2963: https://github.com/jasper-software/jasper/issues/332
PoC file = input_file

$ file input_file
input_file: JPEG 2000 Part 1 (JP2)

$ valgrind --show-reachable=yes /usr/bin/jasper --input input_file --output /dev/null --output-format
==3596521== Memcheck, a memory error detector
==3596521== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3596521== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==3596521== Command: /usr/bin/jasper --input input_file --output /dev/null --output-format
==3596521==
missing argument for option --output-format
For more information on how to use this command, type:
jasper --help
==3596521==
==3596521== HEAP SUMMARY:
==3596521==     in use at exit: 8,288 bytes in 1 blocks
==3596521==   total heap usage: 28 allocs, 27 frees, 8,641 bytes allocated
==3596521==
==3596521== LEAK SUMMARY:
==3596521==    definitely lost: 0 bytes in 0 blocks
==3596521==    indirectly lost: 0 bytes in 0 blocks
==3596521==      possibly lost: 0 bytes in 0 blocks
==3596521==    still reachable: 8,288 bytes in 1 blocks
==3596521==         suppressed: 0 bytes in 0 blocks
==3596521== Rerun with --leak-check=full to see details of leaked memory
==3596521==
==3596521== For lists of detected and suppressed errors, rerun with: -s
==3596521== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

This differs from the published result in one detail; 8641 bytes allocated.
Not sure if that demonstrated the bug or not.

Preliminary test:
$ jasper --input ht2jk.jpg --output-format jp2 --output riverpan2.jpg
$ file riverpan2.jpg
riverpan2.jpg: JPEG 2000 Part 1 (JP2)
That displayed properly with ImageMagick.

Updated the three packages.

$ valgrind --show-reachable=yes /usr/bin/jasper --input input_file --output /dev/null --output-format
==3606149== Memcheck, a memory error detector
==3606149== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3606149== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==3606149== Command: /usr/bin/jasper --input input_file --output /dev/null --output-format
==3606149==
missing argument for option --output-format
For more information on how to use this command, type:
jasper --help
==3606149==
==3606149== HEAP SUMMARY:
==3606149==     in use at exit: 0 bytes in 0 blocks
==3606149==   total heap usage: 28 allocs, 28 frees, 8,641 bytes allocated
==3606149==
==3606149== All heap blocks were freed -- no leaks are possible
==3606149==
==3606149== For lists of detected and suppressed errors, rerun with: -s
==3606149== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

That looks like a positive result, so the patch is successful.

As before:
$ jasper --input ht2jk.jpg --output-format jp2 --output riverpan2.jpg
Output file looks fine.

And repeating tests from an earlier bug:
$ imginfo -f riverpan2.jpg
jp2 3 2816 558 8 4713984

$ jasper -f sail.j2k -F sail2.bmp -T bmp
sail2.bmp is good in ImageMagick.

$ imginfo -f sail2.bmp
THE BMP FORMAT IS NOT FULLY SUPPORTED!
THAT IS, THE JASPER SOFTWARE CANNOT DECODE ALL TYPES OF BMP DATA.
IF YOU HAVE ANY PROBLEMS, PLEASE TRY CONVERTING YOUR IMAGE DATA TO THE PNM FORMAT, AND USING THIS FORMAT INSTEAD.
bmp 3 640 480 8 921600
But it does give a result.

$ convert sail2.bmp sail2.ppm
lcl@canopus:jasper $ imginfo -f sail2.ppm
pnm 3 640 480 8 921600

No regressions with these simple tests, so this can be sent on.
CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK
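An added example (not from this bug report or the jasper project) that automates the before/after comparison the QA comment above makes by eye: it pulls the "in use at exit" byte count and the allocs-minus-frees difference out of a valgrind log, using the HEAP SUMMARY lines quoted in that comment (pids 3596521 and 3606149 are from the page) as sample input, so a leak left behind by the missing-argument error path in cmdopts_parse shows up as a non-zero result.

```shell
#!/bin/sh
# Sample input: the HEAP/LEAK SUMMARY lines quoted in the QA comment above,
# trimmed to the parts the functions below read (before and after the update).
BEFORE_LOG='==3596521== HEAP SUMMARY:
==3596521==     in use at exit: 8,288 bytes in 1 blocks
==3596521==   total heap usage: 28 allocs, 27 frees, 8,641 bytes allocated
==3596521== LEAK SUMMARY:
==3596521==    still reachable: 8,288 bytes in 1 blocks'
AFTER_LOG='==3606149== HEAP SUMMARY:
==3606149==     in use at exit: 0 bytes in 0 blocks
==3606149==   total heap usage: 28 allocs, 28 frees, 8,641 bytes allocated
==3606149== All heap blocks were freed -- no leaks are possible'

# Print the "in use at exit" byte count from a valgrind log ($1), commas removed.
valgrind_in_use_bytes() {
    printf '%s\n' "$1" \
        | sed -n 's/^==[0-9]*== *in use at exit: \([0-9,]*\) bytes.*/\1/p' \
        | tr -d ','
}

# Print allocs minus frees from the "total heap usage" line of the log ($1);
# anything above 0 is a block that was never released.
valgrind_unfreed_blocks() {
    printf '%s\n' "$1" \
        | awk '/total heap usage:/ { gsub(",", ""); print $5 - $7 }'
}

# Succeed (exit 0) only when nothing is left on the heap at exit. With
# --show-reachable=yes the leaked cmdopts_parse block counts as "still
# reachable", so the in-use count, not just "definitely lost", must be checked.
valgrind_run_is_clean() {
    [ "$(valgrind_in_use_bytes "$1")" = "0" ] &&
        [ "$(valgrind_unfreed_blocks "$1")" = "0" ]
}

# Live use (valgrind writes to stderr, hence 2>&1), e.g.:
#   LOG=$(valgrind --show-reachable=yes jasper --input input_file \
#         --output /dev/null --output-format 2>&1)
#   valgrind_run_is_clean "$LOG" && echo "no leak" || echo "leak"
```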
Hmm. Having reservations about this. That last operation should have been:
$ jasper -f sail.j2k -F sail3.ppm -T pnm
$ file sail3.ppm
sail3.ppm: Netpbm image data, size = 640 x 480, rawbits, pixmap
$ display sail3.ppm
OK

imginfo hangs, so there may be a regression there. Tried the conversion again but the hangup occurred again. It hangs also when run from valgrind.
==3622065== Process terminating with default action of signal 2 (SIGINT)
==3622065==    at 0x49B0BFE: read (in /usr/lib64/libc-2.32.so)
==3622065==    by 0x488FE3C: ??? (in /usr/lib64/libjasper.so.4.0.0)
==3622065==    by 0x489053E: jas_stream_fillbuf (in /usr/lib64/libjasper.so.4.0.0)
==3622065==    by 0x48907C5: jas_stream_read (in /usr/lib64/libjasper.so.4.0.0)
==3622065==    by 0x4890854: jas_stream_peek (in /usr/lib64/libjasper.so.4.0.0)
==3622065==    by 0x48B3A52: pnm_validate (in /usr/lib64/libjasper.so.4.0.0)
==3622065==    by 0x488D77D: jas_image_getfmt (in /usr/lib64/libjasper.so.4.0.0)
==3622065==    by 0x40135D: main (in /usr/bin/imginfo)

Pushing this back to Nicolas and removing the OK.
Whiteboard: MGA8-64-OK => (none)
Oh no. Senile dementia.
$ jasper -f sail.j2k -F sail4.ppm -T pnm
$ file sail4.pnm
sail4.pnm: cannot open `sail4.pnm' (No such file or directory)
$ file sail4.ppm
sail4.ppm: Netpbm image data, size = 640 x 480, rawbits, pixmap
$ imginfo -f sail4.ppm
pnm 3 640 480 8 921600

Apologies.
No need to apologize, Len. Validating. Advisory in comment 4.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0091.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED