Upstream patch for CVE-2012-3535. diff -Naur OpenJPEG_v1_3.orig/libopenjpeg/j2k.c OpenJPEG_v1_3/libopenjpeg/j2k.c --- OpenJPEG_v1_3.orig/libopenjpeg/j2k.c 2007-12-19 07:28:40.000000000 -0500 +++ OpenJPEG_v1_3/libopenjpeg/j2k.c 2012-09-12 11:14:45.622827158 -0400 @@ -720,6 +720,13 @@ j2k->state |= J2K_STATE_ERR; } + if( tccp->numresolutions > J2K_MAXRLVLS ) { + opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding component %d.\nThe number of resolutions is too big: %d vs max= %d. Truncating.\n\n", + compno, tccp->numresolutions, J2K_MAXRLVLS); + j2k->state |= J2K_STATE_ERR; + tccp->numresolutions = J2K_MAXRLVLS; + } + tccp->cblkw = cio_read(cio, 1) + 2; /* SPcox (E) */ tccp->cblkh = cio_read(cio, 1) + 2; /* SPcox (F) */ tccp->cblksty = cio_read(cio, 1); /* SPcox (G) */