1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-15 15:37:03 +00:00

libexif: fix for CVE-2026-32775

Pick patch from [1] also mentioned at NVD report in [2]

[1] https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-32775
[3] https://security-tracker.debian.org/tracker/CVE-2026-32775

(From OE-Core rev: b825582edd8b05be2d3c5ca48d6d7c620628d69b)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Hitendra Prajapati
2026-05-14 11:04:25 +05:30
committed by Paul Barker
parent 6acd7c46b5
commit 175a1d0fe3
2 changed files with 87 additions and 0 deletions
@@ -0,0 +1,86 @@
From 7df372e9d31d7c993a22b913c813a5f7ec4f3692 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <marcus@jet.franken.de>
Date: Mon, 9 Mar 2026 10:02:53 +0100
Subject: [PATCH] check maxlen to be at least 1
maxlen-- on 0 will become a high value.
Fixes https://github.com/libexif/libexif/issues/247
CVE: CVE-2026-32775
Upstream-Status: Backport from [https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
libexif/apple/mnote-apple-entry.c | 2 ++
libexif/canon/mnote-canon-entry.c | 2 ++
libexif/fuji/mnote-fuji-entry.c | 1 +
libexif/olympus/mnote-olympus-entry.c | 2 ++
libexif/pentax/mnote-pentax-entry.c | 1 +
5 files changed, 8 insertions(+)
diff --git a/libexif/apple/mnote-apple-entry.c b/libexif/apple/mnote-apple-entry.c
index 6740d8e..337e51b 100644
--- a/libexif/apple/mnote-apple-entry.c
+++ b/libexif/apple/mnote-apple-entry.c
@@ -43,6 +43,8 @@ mnote_apple_entry_get_value(MnoteAppleEntry *entry, char *v, unsigned int maxlen
if (!entry)
return NULL;
+ if (maxlen < 1)
+ return NULL;
memset(v, 0, maxlen);
maxlen--;
diff --git a/libexif/canon/mnote-canon-entry.c b/libexif/canon/mnote-canon-entry.c
index 52a7077..372fcdf 100644
--- a/libexif/canon/mnote-canon-entry.c
+++ b/libexif/canon/mnote-canon-entry.c
@@ -559,6 +559,8 @@ mnote_canon_entry_get_value (const MnoteCanonEntry *entry, unsigned int t, char
if (!entry)
return NULL;
+ if (maxlen < 1)
+ return NULL;
data = entry->data;
size = entry->size;
diff --git a/libexif/fuji/mnote-fuji-entry.c b/libexif/fuji/mnote-fuji-entry.c
index add7086..dd33900 100644
--- a/libexif/fuji/mnote-fuji-entry.c
+++ b/libexif/fuji/mnote-fuji-entry.c
@@ -199,6 +199,7 @@ mnote_fuji_entry_get_value (MnoteFujiEntry *entry,
int i, j;
if (!entry) return (NULL);
+ if (maxlen < 1) return NULL;
memset (val, 0, maxlen);
maxlen--;
diff --git a/libexif/olympus/mnote-olympus-entry.c b/libexif/olympus/mnote-olympus-entry.c
index 679fb50..d5eb60e 100644
--- a/libexif/olympus/mnote-olympus-entry.c
+++ b/libexif/olympus/mnote-olympus-entry.c
@@ -284,6 +284,8 @@ mnote_olympus_entry_get_value (MnoteOlympusEntry *entry, char *v, unsigned int m
if (!entry)
return (NULL);
+ if (maxlen < 1)
+ return NULL;
memset (v, 0, maxlen);
maxlen--;
diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
index 32b537b..d3c96f8 100644
--- a/libexif/pentax/mnote-pentax-entry.c
+++ b/libexif/pentax/mnote-pentax-entry.c
@@ -315,6 +315,7 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
int i = 0, j = 0;
if (!entry) return (NULL);
+ if (maxlen < 1) return (NULL);
memset (val, 0, maxlen);
maxlen--;
--
2.50.1
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libexif-${PV}.tar.bz2 \
file://0001-Add-serial-tests-config-needed-by-ptest.patch \
file://run-ptest \
file://CVE-2026-32775.patch \
"
SRC_URI[sha256sum] = "d47564c433b733d83b6704c70477e0a4067811d184ec565258ac563d8223f6ae"