Marcus Meissner
2923373f20
- Add CVE-2016-6328.patch: Fix integer overflow in parsing MNOTE entry data of the input file (bnc#1055857) - Add CVE-2017-7544.patch: Fix vulnerable out-of-bounds heap read vulnerability (bnc#1059893) OBS-URL: https://build.opensuse.org/request/show/566573 OBS-URL: https://build.opensuse.org/package/show/graphics/libexif?expand=0&rev=31
21 lines
734 B
Diff
21 lines
734 B
Diff
Index: libexif/exif-data.c
|
|
===================================================================
|
|
RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
|
|
retrieving revision 1.131
|
|
diff -u -r1.131 exif-data.c
|
|
--- libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131
|
|
+++ libexif/exif-data.c 25 Jul 2017 21:34:06 -0000
|
|
@@ -255,6 +255,12 @@
|
|
exif_mnote_data_set_offset (data->priv->md, *ds - 6);
|
|
exif_mnote_data_save (data->priv->md, &e->data, &e->size);
|
|
e->components = e->size;
|
|
+ if (exif_format_get_size (e->format) != 1) {
|
|
+ /* e->format is taken from input code,
|
|
+ * but we need to make sure it is a 1 byte
|
|
+ * entity due to the multiplication below. */
|
|
+ e->format = EXIF_FORMAT_UNDEFINED;
|
|
+ }
|
|
}
|
|
}
|
|
|