1 Name: OpenJPEG 2 URL: http://www.openjpeg.org/ 3 Version: 2.3.0 (also update in opj_config*) 4 Security Critical: yes 5 License: 2-clause BSD 6 7 Description: 8 JPEG 2000 library. 9 10 Local Modifications: 11 12 0000-use-colorspace.patch: Makes it possible to not call opj_jp2_apply_pclr(). 13 0003-dwt-decode.patch: Check array bounds for opj_dwt_decode_1() and friends. 14 0005-jp2_apply_pclr.patch: Fix out of bounds access. 15 0006-tcd_init_tile.patch: Fix a divide by zero bug in opj_tcd_init_tile(). 16 0007-jp2_read_cmap.patch: Fix wrong rendering on greyscale images with index colorspace. 17 0009-opj_pi_next.patch: Fix potential bad precno value in opj_pi_next* functions. 18 0011-j2k_update_image_data.patch: Prevent bad signed -> unsigned casting. 19 0012-mct_sse.patch: Don't use SSE intrinsics in 32-bit builds. 20 0014-opj_jp2_read_ihdr_leak.patch: Memory leak in opj_jp2_read_ihdr(). 21 0015-read_SPCod_SPCoc_overflow.patch: Prevent a buffer overflow in opj_j2k_read_SPCod_SPCoc. 22 0016-read_SQcd_SQcc_overflow.patch: Prevent a buffer overflow in opj_j2k_read_SQcd_SQcc. 23 0019-tcd_init_tile.patch: Prevent integer overflows during calculation of |l_nb_code_blocks_size|. 24 0022-jp2_apply_pclr_overflow.patch: Prevent integer overflow in opj_jp2_apply_pclr. 25 0023-opj_j2k_read_mct_records.patch: Fix opj_j2k_read to prevent heap-use-after-free. 26 0025-opj_j2k_add_mct_null_data.patch: Check m_data != null before trying to read from it. 27 0026-use_opj_uint_ceildiv.patch: Remove (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)a, (OPJ_INT32) b). 28 0033-undefined-shift-opj_t1_dec_clnpass.patch: fix undefined shifts originated from opj_t1_decode_cblk. 29 0034-opj_malloc.patch: PDFium changes in opj_malloc. 30 0035-opj_j2k_update_image_dimensions.patch: fix integer overflow. 31