File poppler-CVE-2019-12293.patch of Package poppler.30684
Index: poppler-0.62.0/poppler/JPEG2000Stream.cc
===================================================================
--- poppler-0.62.0.orig/poppler/JPEG2000Stream.cc
+++ poppler-0.62.0/poppler/JPEG2000Stream.cc
@@ -254,6 +254,12 @@ void JPXStream::init()
close();
break;
}
+ const int componentPixels = priv->image->comps[component].w * priv->image->comps[component].h;
+ if (componentPixels != priv->npixels) {
+ error(errSyntaxWarning, -1, "Component {0:d} has different WxH than component 0", component);
+ close();
+ break;
+ }
unsigned char *cdata = (unsigned char *)priv->image->comps[component].data;
int adjust = 0;
int depth = priv->image->comps[component].prec;