Commit 042c83d

bump fetched OpenJPH version to 0.24.5
Signed-off-by: Cary Phillips <[email protected]>
1 parent b9a36b4 commit 042c83d

2 files changed: +12 -6 lines changed

CHANGES.md

Lines changed: 11 additions & 5 deletions
@@ -91,13 +91,13 @@ properly rejecting corrupt input data.
9191

9292
Specifically:
9393

94-
- Buffer overflow in PyOpenEXR_old's `channels()` and `channel()` in
94+
* Buffer overflow in PyOpenEXR_old's `channels()` and `channel()` in
9595
legacy python, reported by Joshua Rogers (GitHub: MegaManSec).
96-
- Use after free in PyObject_StealAttrString in legacy python, reported
96+
* Use after free in PyObject_StealAttrString in legacy python, reported
9797
by Joshua Rogers (GitHub: MegaManSec).
98-
- Use of Uninitialized Memory in openexr, reported by Aldo Ristori
98+
* Use of Uninitialized Memory in openexr, reported by Aldo Ristori
9999
(GitHub: Kaldreic).
100-
- Heap-based Buffer Overflow Remote Code Execution Vulnerability,
100+
* Heap-based Buffer Overflow Remote Code Execution Vulnerability,
101101
reported by Trend Micro Zero Day Initiative.
102102

103103
Also:
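
Review bot: The four edits at lines 94 to 100 only switch the list marker from `-` to `*`, which is unrelated to the OpenJPH bump named in the commit message; move the marker cleanup to its own commit or mention it in the message, so that anyone auditing the history of these security-fix entries does not read them as changed content. While these entries are being touched, note that the item at line 100, "Heap-based Buffer Overflow Remote Code Execution Vulnerability", names no affected function or component, unlike the other three; stating where it occurs would let downstream users judge their exposure.
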
@@ -122,12 +122,18 @@ Other fixes:
122122
which makes it possible to set `CMAKE_DEBUG_POSTFIX=""`.
123123

124124
This version also bumps the auto-fetched version of OpenJPH to
125-
0.24.4. OpenJPH 0.24.4 addresses these OSS-Fuzz issues:
125+
0.24.5. OpenJPH 0.24.5 addresses these OSS-Fuzz issues:
126126

127+
* OSS-fuzz [456837230](https://issues.oss-fuzz.com/issues/456837230)
128+
Crash in `ojph::local::param_cod::~param_cod`
129+
* OSS-fuzz [456248580](https://issues.oss-fuzz.com/issues/456248580)
130+
Null-dereference READ in `ojph::local::param_cod::~param_cod`
127131
* OSS-fuzz [455374208](https://issues.oss-fuzz.com/issues/455374208)
128132
Floating-point-exception in `ojph::local::tile::pre_alloc`
129133
* OSS-fuzz [444963190](https://issues.oss-fuzz.com/issues/444963190)
130134
Index-out-of-bounds in `ojph::local::param_qcd::read_qcc`
135+
* OSS-fuzz [444889300](https://issues.oss-fuzz.com/issues/444889300)
136+
Heap-buffer-overflow in `ojph::mem_infile::read`
131137
* OSS-fuzz [444878558](https://issues.oss-fuzz.com/issues/444878558)
132138
Segv on unknown address in `ojph::local::param_qcd::~param_qcd`
133139
* OSS-fuzz [444878557](https://issues.oss-fuzz.com/issues/444878557)
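
Review bot: Line 125 now attributes the whole list to OpenJPH 0.24.5, including entries that the previous wording attributed to 0.24.4 (for example 455374208 and 444963190), so a reader can no longer tell which issues are new in this bump. Someone building against an already-installed OpenJPH 0.24.4 needs that distinction to know what they are missing; consider wording such as "0.24.4 and 0.24.5 together address", or marking the three added entries (456837230, 456248580, 444889300) as fixed in 0.24.5.
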

cmake/OpenEXRSetup.cmake

Lines changed: 1 addition & 1 deletion
@@ -257,7 +257,7 @@ endif()
257257

258258
option(OPENEXR_FORCE_INTERNAL_OPENJPH "Force downloading OpenJPH from a git repo" OFF)
259259
set(OPENEXR_OPENJPH_REPO "https://github.com/aous72/OpenJPH.git" CACHE STRING "OpenJPH git repo URI")
260-
set(OPENEXR_OPENJPH_TAG "0.24.4" CACHE STRING "OpenJPH git repo tag")
260+
set(OPENEXR_OPENJPH_TAG "0.24.5" CACHE STRING "OpenJPH git repo tag")
261261

262262
if (NOT OPENEXR_FORCE_INTERNAL_OPENJPH)
263263
find_package(openjph CONFIG QUIET)
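
Review bot: The tag bump at line 260 only reaches builds that fetch OpenJPH; in the visible context at lines 262 to 263, `find_package(openjph CONFIG QUIET)` carries no version argument, so unless a check follows outside this hunk, an installed OpenJPH older than 0.24.5 is accepted silently and the fixes listed in CHANGES.md are absent from that build. Consider passing a minimum version to `find_package`, or emitting a warning when the found version is below `OPENEXR_OPENJPH_TAG`. Separately, `OPENEXR_OPENJPH_TAG` names a git tag, which the upstream repository can move; pinning a commit hash would make the fetched source reproducible.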
