NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fab123422e
kumquat-buildroot/package/libexif/0003-Reduce-maximum-recursion-depth-in-exif_data_load_dat.patch
Peter Korsgaard 81a4940d25 package/libexif: add post-0.6.21 upstream security fixes 
Fixes the following security issues:

- CVE-2016-6328: A vulnerability was found in libexif.  An integer overflow
  when parsing the MNOTE entry data of the input file.  This can cause
  Denial-of-Service (DoS) and Information Disclosure (disclosing some
  critical heap chunk metadata, even other applications' private data).

- CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap
  read vulnerability in exif_data_save_data_entry function in
  libexif/exif-data.c caused by improper length computation of the allocated
  data of an ExifMnote entry which can cause denial-of-service or possibly
  information disclosure.

- CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and
  EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to
  exhaust available CPU resources.

- CVE-2019-9278: In libexif, there is a possible out of bounds write due to
  an integer overflow.  This could lead to remote escalation of privilege in
  the media content provider with no additional execution privileges needed.
  User interaction is needed for exploitation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-09 12:33:05 +01:00

31 lines
1017 B
Diff
Raw Blame History

From 5d28011c40ec86cf52cffad541093d37c263898a Mon Sep 17 00:00:00 2001
From: Dan Fandrich <dan@coneharvesters.com>
Date: Fri, 20 Apr 2018 18:05:19 +0200
Subject: [PATCH] Reduce maximum recursion depth in exif_data_load_data_content
This only needs to be a small, single digit integer for normal files,
and reducing the maximum closer to this reduces the time and space
needed to detect pathological cases.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libexif/exif-data.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index 91f4c33..04cdda2 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -378,7 +378,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
return;
- if (recursion_depth > 30) {
+ if (recursion_depth > 12) {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
"Deep recursion detected!");
return;
--
2.20.1
Reference in New Issue View Git Blame Copy Permalink