mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

exiv2: patch CVE-2026-25884

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884

Backport the commits referenced by the NVD advisory.

One of the patches contain some binary data (for test data),
which needs to be applied with git PATCHTOOL..

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-03-11 10:42:33 +01:00
committed by Anuj Mittal
parent 51be807682
commit 18824f8a2d
3 changed files with 100 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-1.patch
+69
View File
@@ -0,0 +1,69 @@
From 237f63c2abcd6c346bf5d27044ab76f5388bb4e8 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Sat, 7 Feb 2026 22:50:46 +0000
Subject: [PATCH] Regression test for
https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp
CVE: CVE-2026-25884
Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/191138fef73f331de1311e735d8e6359a36fa786]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
test/data/issue_ghsa_9mxq_4j5g_5wrp.crw | Bin 0 -> 74 bytes
.../github/test_issue_ghsa_9mxq_4j5g_5wrp.py | 24 ++++++++++++++++++
.../test_regression_allfiles.py | 1 +
3 files changed, 25 insertions(+)
create mode 100644 test/data/issue_ghsa_9mxq_4j5g_5wrp.crw
create mode 100644 tests/bugfixes/github/test_issue_ghsa_9mxq_4j5g_5wrp.py
diff --git a/test/data/issue_ghsa_9mxq_4j5g_5wrp.crw b/test/data/issue_ghsa_9mxq_4j5g_5wrp.crw
new file mode 100644
index 0000000000000000000000000000000000000000..816af2663b3ec93d0d4de4755a02b5d0f5d09640
GIT binary patch
literal 74
zcmebDRA69W@NjhuaCUYH`mcZv7#X+>WPvJpfmnfwK>?&13|Kip6i5oF1;hjZi0B7h
literal 0
HcmV?d00001
diff --git a/tests/bugfixes/github/test_issue_ghsa_9mxq_4j5g_5wrp.py b/tests/bugfixes/github/test_issue_ghsa_9mxq_4j5g_5wrp.py
new file mode 100644
index 000000000..199328f25
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_ghsa_9mxq_4j5g_5wrp.py
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, CopyTmpFiles, path
+
+
+class CrwMap_decode0x0805_OutOfBoundsRead(metaclass=CaseMeta):
+ """
+ Regression test for the bug described in:
+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp
+ """
+
+ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp"
+
+ filename = path("$data_path/issue_ghsa_9mxq_4j5g_5wrp.crw")
+ commands = ["$exiv2 $filename"]
+ stdout = ["""File name : $filename
+File size : 74 Bytes
+MIME type : image/x-canon-crw
+Image size : 0 x 0
+"""
+]
+ stderr = ["""$filename: No Exif data found in the file
+"""]
+ retval = [253]
diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
index d1bec2ed3..87caa9798 100644
--- a/tests/regression_tests/test_regression_allfiles.py
+++ b/tests/regression_tests/test_regression_allfiles.py
@@ -122,6 +122,7 @@ def get_valid_files(data_dir):
"issue_ghsa_g9xm_7538_mq8w_poc.mov",
"issue_ghsa_38h4_fx85_qcx7_poc.tiff",
"issue_ghsa_496f_x7cq_cq39_poc.jpg",
+ "issue_ghsa_9mxq_4j5g_5wrp.crw",
"pocIssue283.jpg",
"poc_1522.jp2",
"xmpsdk.xmp",
meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-2.patch
+25
View File
@@ -0,0 +1,25 @@
From 5c5ab83247997396b8a7de8e4425a1a04db01c14 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Sat, 31 Jan 2026 15:31:55 +0000
Subject: [PATCH] Fix out-of-bounds read.
CVE: CVE-2026-25884
Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/5b8f1f4d92b8f27a5a80e0c3d3eb9dce7620d9f1]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/crwimage_int.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
index 9e2c1c6a4..1d2378a61 100644
--- a/src/crwimage_int.cpp
+++ b/src/crwimage_int.cpp
@@ -646,7 +646,7 @@ const CrwMapping* CrwMap::crwMapping(uint16_t crwDir, uint16_t crwTagId) {
void CrwMap::decode0x0805(const CiffComponent& ciffComponent, const CrwMapping* /*pCrwMapping*/, Image& image,
ByteOrder /*byteOrder*/) {
- std::string s(reinterpret_cast<const char*>(ciffComponent.pData()));
+ auto s = std::string(reinterpret_cast<const char*>(ciffComponent.pData()), ciffComponent.size());
image.setComment(s);
} // CrwMap::decode0x0805
meta-oe/recipes-support/exiv2/exiv2_0.28.7.bb
+6 -1
View File
@@ -4,7 +4,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
DEPENDS = "zlib expat brotli libinih" DEPENDS = "zlib expat brotli libinih"
SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x;tag=v${PV}" SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x;tag=v${PV} \
file://CVE-2026-25884-1.patch \
file://CVE-2026-25884-2.patch \
"
SRCREV = "afcb7a8ba84a7de36d2f1ee7689394e078697956" SRCREV = "afcb7a8ba84a7de36d2f1ee7689394e078697956"
PATCHTOOL = "git"
inherit cmake gettext inherit cmake gettext