mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
exiv2: patch CVE-2021-37618
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37618 Pick the patch from the PR that is referenced by the NVD advisory. Note that the regression test was not backported, because it contains a binary patch, that I couldn't apply with any of the patchtools in the do_patch step. Before submission however I have applied the patches, and ran all the tests successfully. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -0,0 +1,32 @@
|
|||||||
|
From 37e0d4dac7c8b1a9e01448c359bf013ead53904a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kevin Backhouse <kevinbackhouse@github.com>
|
||||||
|
Date: Mon, 5 Jul 2021 10:40:03 +0100
|
||||||
|
Subject: [PATCH] Better bounds checking in Jp2Image::printStructure
|
||||||
|
|
||||||
|
CVE: CVE-2021-37618
|
||||||
|
Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/0fcdde80997913dde284ea98f06f9305d06cb160]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
src/jp2image.cpp | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
|
||||||
|
index e14919c..2da69f1 100644
|
||||||
|
--- a/src/jp2image.cpp
|
||||||
|
+++ b/src/jp2image.cpp
|
||||||
|
@@ -538,6 +538,7 @@ static void boxes_check(size_t b,size_t m)
|
||||||
|
|
||||||
|
if (subBox.type == kJp2BoxTypeColorHeader) {
|
||||||
|
long pad = 3; // don't know why there are 3 padding bytes
|
||||||
|
+ enforce(data.size_ >= pad, kerCorruptedMetadata);
|
||||||
|
if (bPrint) {
|
||||||
|
out << " | pad:";
|
||||||
|
for (int i = 0; i < 3; i++)
|
||||||
|
@@ -547,6 +548,7 @@ static void boxes_check(size_t b,size_t m)
|
||||||
|
if (bPrint) {
|
||||||
|
out << " | iccLength:" << iccLength;
|
||||||
|
}
|
||||||
|
+ enforce(iccLength <= data.size_ - pad, kerCorruptedMetadata);
|
||||||
|
if (bICC) {
|
||||||
|
out.write((const char*)data.pData_ + pad, iccLength);
|
||||||
|
}
|
||||||
@@ -24,6 +24,7 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
|
|||||||
file://CVE-2021-34335-2.patch \
|
file://CVE-2021-34335-2.patch \
|
||||||
file://CVE-2021-37615-1.patch \
|
file://CVE-2021-37615-1.patch \
|
||||||
file://CVE-2021-37615-2.patch \
|
file://CVE-2021-37615-2.patch \
|
||||||
|
file://CVE-2021-37618.patch \
|
||||||
"
|
"
|
||||||
SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
|
SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user