mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-04-20 11:38:34 +00:00
Code Issues Projects Releases Wiki Activity

exiv2: patch CVE-2021-32815

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32815

Pick the patch from the PR mentioned in he nvd report.

This patch is a combination of 3 commits, which are so
small, that it is still very readable in this form also.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2025-11-22 20:31:26 +01:00
parent 19fb28a912
commit 0f89f58111
2 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch Normal file
View File

@@ -0,0 +1,36 @@
From 14fc89433d22f56fa3ec973d802e9316a268deab Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 23 Jun 2021 22:39:31 +0100
Subject: [PATCH] Don't crash if s > size.
CVE: CVE-2021-32815
Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/1739/commits/0c17eb33c0a7fad1796ce23b8bbc32067f511aed
https://github.com/Exiv2/exiv2/pull/1739/commits/04466168b87dedff4ec09c09e9c23f2334ba1734
https://github.com/Exiv2/exiv2/pull/1739/commits/c79d83f25fdd09218697d482211a61db87ce5333]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/crwimage_int.cpp | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
index 2e3e507..0232867 100644
--- a/src/crwimage_int.cpp
+++ b/src/crwimage_int.cpp
@@ -1226,9 +1226,12 @@ namespace Exiv2 {
for (ExifData::const_iterator i = b; i != e; ++i) {
if (i->ifdId() != ifdId) continue;
const uint16_t s = i->tag()*2 + static_cast<uint16_t>(i->size());
- assert(s <= size);
- if (len < s) len = s;
- i->copy(buf.pData_ + i->tag()*2, byteOrder);
+ if (s <= size) {
+ if (len < s) len = s;
+ i->copy(buf.pData_ + i->tag()*2, byteOrder);
+ } else {
+ EXV_ERROR << "packIfdId out-of-bounds error: s = " << std::dec << s << "\n";
+ }
}
// Round the size to make it even.
buf.size_ = len + len%2;

1
meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
View File

@@ -15,6 +15,7 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
file://CVE-2021-3482.patch \
file://CVE-2021-29623.patch \
file://CVE-2021-32617.patch \
file://CVE-2021-32815.patch \
"
SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"