mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-31 01:10:08 +00:00
Code Issues Projects Releases Wiki Activity

libgphoto2: patch CVE-2026-40336

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40336

Backport the patch referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-04-20 08:27:44 +02:00
committed by Khem Raj
parent f735ea20b1
commit 078f26b084
2 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40336.patch
+44
View File
@@ -0,0 +1,44 @@
From e19c45d3530f1585805711e14aa4ea788e499f46 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <marcus@jet.franken.de>
Date: Wed, 8 Apr 2026 15:13:51 +0200
Subject: [PATCH] Fixed Sony DPD Secondary Enum List Memory Leak
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Finding 4: Sony DPD Secondary Enum List Memory Leak (CWE-401) — LOW
File: ptp-pack.c:884-885
When processing a secondary enumeration list (2024+ Sony cameras), line
884885 overwrites dpd->FORM.Enum.SupportedValue with a new calloc()
without freeing the previous allocation from line 857. The original
array and any string values it contains are leaked.
CVE-2026-40336
Reported-By: Sebastián Alba <sebasjosue84@gmail.com>
CVE: CVE-2026-40336
Upstream-Status: Backport [https://github.com/gphoto/libgphoto2/commit/404ff02c75f3cb280196fc260a63c4d26cf1a8f6]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
camlibs/ptp2/ptp-pack.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/camlibs/ptp2/ptp-pack.c b/camlibs/ptp2/ptp-pack.c
index 7fc120d..fc51d77 100644
--- a/camlibs/ptp2/ptp-pack.c
+++ b/camlibs/ptp2/ptp-pack.c
@@ -879,6 +879,11 @@ ptp_unpack_Sony_DPD (PTPParams *params, const unsigned char* data, PTPDeviceProp
/* check if we have a secondary list of items, this is for newer Sonys (2024) */
if (val < 0x200) { /* if a secondary list is not provided, this will be the next property code - 0x5XXX or 0xDxxx */
if (dpd->FormFlag == PTP_DPFF_Enumeration) {
+ /* free old enum variables */
+ for (i=0;i<dpd->FORM.Enum.NumberOfValues;i++)
+ ptp_free_propvalue (dpd->DataType, dpd->FORM.Enum.SupportedValue+i);
+ free (dpd->FORM.Enum.SupportedValue);
+
N = dtoh16o(data, *poffset);
dpd->FORM.Enum.SupportedValue = calloc(N,sizeof(dpd->FORM.Enum.SupportedValue[0]));
if (!dpd->FORM.Enum.SupportedValue)
meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb
+1
View File
@@ -16,6 +16,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/${BP}.tar.xz;name=libgphoto2 \
file://CVE-2026-40333.patch \ file://CVE-2026-40333.patch \
file://CVE-2026-40334.patch \ file://CVE-2026-40334.patch \
file://CVE-2026-40335.patch \ file://CVE-2026-40335.patch \
file://CVE-2026-40336.patch \
" "
SRC_URI[libgphoto2.sha256sum] = "28825f767a85544cb58f6e15028f8e53a5bb37a62148b3f1708b524781c3bef2" SRC_URI[libgphoto2.sha256sum] = "28825f767a85544cb58f6e15028f8e53a5bb37a62148b3f1708b524781c3bef2"