[OE-core] [denzil 07/18] Security Advisory - libexif - CVE-2012-2840

Mark Hatle mark.hatle at windriver.com
Thu Feb 7 23:56:34 UTC 2013


From: Yue Tao <Yue.Tao at windriver.com>

[ CQID: WIND00366793 ]

Off-by-one error in the exif_convert_utf16_to_utf8 function in
exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before
0.6.21 allows remote attackers to cause a denial of service or
possibly execute arbitrary code via crafted EXIF tags in an image.

Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
Signed-off-by: Mark Hatle <mark.hatle at windriver.com>
---
 .../libexif/libexif/0006-libexif-CVE-2012-2840.patch    | 17 +++++++++++++++++
 meta/recipes-support/libexif/libexif_0.6.20.bb          |  3 ++-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch

diff --git a/meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch b/meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch
new file mode 100644
index 0000000..81c5821
--- /dev/null
+++ b/meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch
@@ -0,0 +1,17 @@
+Index: libexif/exif-utils.c
+===================================================================
+RCS file: /cvsroot/libexif/libexif/libexif/exif-utils.c,v
+retrieving revision 1.16
+retrieving revision 1.17
+diff -c -u -r1.16 -r1.17
+--- a/libexif/exif-utils.c	27 Oct 2009 06:06:11 -0000	1.16
++++ b/libexif/exif-utils.c	12 Jul 2012 17:11:30 -0000	1.17
+@@ -239,7 +239,7 @@
+ 				break;
+ 			}
+ 		} else {
+-			if (maxlen > 2) {
++			if (maxlen > 3) {
+ 				*out++ = ((*in >> 12) & 0x0F) | 0xE0;
+ 				*out++ = ((*in >> 6) & 0x3F) | 0x80;
+ 				*out++ = (*in++ & 0x3F) | 0x80;
diff --git a/meta/recipes-support/libexif/libexif_0.6.20.bb b/meta/recipes-support/libexif/libexif_0.6.20.bb
index 6affc9e..757163b 100644
--- a/meta/recipes-support/libexif/libexif_0.6.20.bb
+++ b/meta/recipes-support/libexif/libexif_0.6.20.bb
@@ -11,7 +11,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \
 	  file://0002-libexif-CVE-2012-2812.patch \
 	  file://0003-libexif-CVE-2012-2841.patch \
 	  file://0004-libexif-CVE-2012-2836.patch \
-	  file://0005-libexif-CVE-2012-2837.patch"
+	  file://0005-libexif-CVE-2012-2837.patch \
+	  file://0006-libexif-CVE-2012-2840.patch"
 
 SRC_URI[md5sum] = "19844ce6b5d075af16f0d45de1e8a6a3"
 SRC_URI[sha256sum] = "a772d20bd8fb9802d7f0d70fde6ac8872f87d0c66c52b0d14026dafcaa83d715"
-- 
1.8.1.2.545.g2f19ada





More information about the Openembedded-core mailing list