Petr Gajdos
42297d1b65
and CVE-2017-6886
+ libraw-CVE-2017-6887,6886.patch
- added missing fix for CVE-2017-6890 and CVE-2017-6899
+ libraw-CVE-2017-6890,6899.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=92
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
From d7c3d2cb460be10a3ea7b32e9443a83c243b2251 Mon Sep 17 00:00:00 2001
|
|
From: Alex Tutubalin <lexa@lexa.ru>
|
|
Date: Sat, 4 Mar 2017 21:27:39 +0300
|
|
Subject: [PATCH] Secunia SA75000 advisory: several buffer overruns
|
|
|
|
---
|
|
dcraw/dcraw.c | 12 ++++++++++--
|
|
internal/dcraw_common.cpp | 12 ++++++++++--
|
|
2 files changed, 20 insertions(+), 4 deletions(-)
|
|
|
|
Index: LibRaw-0.18.2/dcraw/dcraw.c
|
|
===================================================================
|
|
--- LibRaw-0.18.2.orig/dcraw/dcraw.c 2017-05-23 09:32:51.733561941 +0200
|
|
+++ LibRaw-0.18.2/dcraw/dcraw.c 2017-05-23 09:38:40.867531376 +0200
|
|
@@ -5842,6 +5842,10 @@ int CLASS parse_tiff_ifd (int base)
|
|
load_raw = &CLASS sony_arw_load_raw;
|
|
data_offset = get4()+base;
|
|
ifd++; break;
|
|
+#ifdef LIBRAW_LIBRARY_BUILD
|
|
+ if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
|
|
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
|
|
+#endif
|
|
}
|
|
while (len--) {
|
|
i = ftell(ifp);
|
|
@@ -6005,6 +6009,8 @@ int CLASS parse_tiff_ifd (int base)
|
|
break;
|
|
case 50454: /* Sinar tag */
|
|
case 50455:
|
|
+ if (len < 1 || len > 2560000)
|
|
+ break;
|
|
if (!(cbuf = (char *) malloc(len))) break;
|
|
fread (cbuf, 1, len, ifp);
|
|
for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n'))
|