imgcodecs: avoid vulnerabilities in Jasper codec (JPEG-2000)

[alalek]

Jasper project has many opened vulnerabilities which are not get fixed for a long time.
Especially in version 1.900 which is used by OpenCV.

It is not safe to open external/untrusted JPEG-2000 images via imread()/imdecode().
Perhaps it is not save to use encoder too via imwrite()/imencode().

Possible alternative to Jasper codec is OpenJPEG, which should replace Jasper in OpenCV in the future.

Changes:

• Add runtime option OPENCV_IO_ENABLE_JASPER.
  Turned OFF by default (for current outdated code of Jasper 1.900).
  Prevents calling of Jasper code from OpenCV, prints warning message with the link on this issue.
  Users are still able to turn ON this option during runtime. Use it at your own risk!
  PR: imgcodecs: OPENCV_IO_ENABLE_JASPER runtime parameter #14059
  OpenCV versions: 3.4.6+ / 4.1.0+

• Change CMake defaults: BUILD_JASPER=OFF.
  TBD

• Change CMake defaults: WITH_JASPER=OFF
  TBD

---

• Jasper has been excluded from Ubuntu 18.04 distribution (Ubuntu 16.04 package)
• relates Application crashed when imdecode() is called for .jp2 image #5849

[Mancancode]

hello i saw some interesting stuff that might be helpful,
https://www.boost.org/doc/libs/1_65_1/libs/test/doc/html/boost_test/utf_reference/rt_param_reference.html
check the link

[irfanrahman]

Hi, sorry for the novice question, how do I use 'OPENCV_IO_ENABLE_JASPER' command via run time in a script? An example would be great. thanks. I'm trying to run a python script in jupyterhub.

python 3.7.3
pip 19.1.1
opencv-contrib-python 4.1.0.25
opencv-python 4.1.0.25
Jasper 0.1

Jasper is not updated in PIP. https://pypi.org/project/Jasper

[mshabunin]

@irfanrahman , you should set environment variable:

Windows:

> set OPENCV_IO_ENABLE_JASPER=ON
> my-app

Linux:

$ export OPENCV_IO_ENABLE_JASPER=ON
$ ./my-app

[MarcusBarnes]

@mshabunin Thank you for the hints.

Anyone have specific hints when setting the environment variable within a Jupyter notebook? When setting this value in a cell

os.environ['OPENCV_IO_ENABLE_JASPER']= 'on'

and then trying to read a JP2 image file using cv2.imread I get the following error:

error: OpenCV(4.1.0) /io/opencv/modules/core/src/system.cpp:1700: error: (-5:Bad argument) Invalid value for parameter OPENCV_IO_ENABLE_JASPER: on in function 'read'

[alalek]

'on' value is not supported.

[MarcusBarnes]

Thank you @alalek. That did the trick!