mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-16 18:40:03 +00:00
Code Issues Projects Releases Wiki Activity

libcdio: patch CVE-2024-36600

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36600

Backport the patch from the PR that is referenced in the NVD advisory.

Note that there are two PRs mentioned: one is the fix, and the other
is just readme update with the CVE ID. The latter wasn't backported.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-02-02 22:13:56 +01:00
committed by Anuj Mittal
parent 9df99ae97a
commit fa4ceb7b5d
2 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-multimedia/libcdio/libcdio/CVE-2024-36600.patch
+32
View File
@@ -0,0 +1,32 @@
From b620a2d3d37d8068bc69941155ba85e6c740d470 Mon Sep 17 00:00:00 2001
From: Yuxin Wang <yuxinwang9999@gmail.com>
Date: Sun, 13 Jul 2025 13:53:17 +0800
Subject: [PATCH] Fix buffer overrun for Joliet filenames
Joliet uses UCS-2 (2 bytes per character), and converting to UTF-8
may require up to 3 bytes per character. This patch increases the
buffer size by i_fname/2 to prevent buffer overrun.
CVE: CVE-2024-36600
Upstream-Status: Backport [https://github.com/libcdio/libcdio/commit/417478a7474af41c27ab3f876f31783fa06a5dbc]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
lib/iso9660/iso9660_fs.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/iso9660/iso9660_fs.c b/lib/iso9660/iso9660_fs.c
index 3b2f07c..9df1b94 100644
--- a/lib/iso9660/iso9660_fs.c
+++ b/lib/iso9660/iso9660_fs.c
@@ -859,6 +859,11 @@ _iso9660_dir_to_statbuf (iso9660_dir_t *p_iso9660_dir,
/* .. string in statbuf is one longer than in p_iso9660_dir's listing '\1' */
stat_len = sizeof(iso9660_stat_t) + i_fname + 2;
+#ifdef HAVE_JOLIET
+ if (u_joliet_level) {
+ stat_len += i_fname / 2;
+ }
+#endif
/* Reuse multiextent p_stat if not NULL */
if (!p_stat) {
meta-oe/recipes-multimedia/libcdio/libcdio_2.2.0.bb
+3 -1
View File
@@ -4,7 +4,9 @@ SECTION = "libs"
LICENSE = "GPL-3.0-or-later" LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.bz2" SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.bz2 \
file://CVE-2024-36600.patch \
"
SRC_URI[sha256sum] = "6f8fbdf4d189cf63f2a7a1549c516cd720c7b222c7aaadbc924a26e745a48539" SRC_URI[sha256sum] = "6f8fbdf4d189cf63f2a7a1549c516cd720c7b222c7aaadbc924a26e745a48539"