[OE-core] [denzil 07/18] Security Advisory - libexif - CVE-2012-2840
Mark Hatle
mark.hatle at windriver.com
Thu Feb 7 23:56:34 UTC 2013
From: Yue Tao <Yue.Tao at windriver.com>
[ CQID: WIND00366793 ]
Off-by-one error in the exif_convert_utf16_to_utf8 function in
exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before
0.6.21 allows remote attackers to cause a denial of service or
possibly execute arbitrary code via crafted EXIF tags in an image.
Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
Signed-off-by: Mark Hatle <mark.hatle at windriver.com>
---
.../libexif/libexif/0006-libexif-CVE-2012-2840.patch | 17 +++++++++++++++++
meta/recipes-support/libexif/libexif_0.6.20.bb | 3 ++-
2 files changed, 19 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch
diff --git a/meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch b/meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch
new file mode 100644
index 0000000..81c5821
--- /dev/null
+++ b/meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch
@@ -0,0 +1,17 @@
+Index: libexif/exif-utils.c
+===================================================================
+RCS file: /cvsroot/libexif/libexif/libexif/exif-utils.c,v
+retrieving revision 1.16
+retrieving revision 1.17
+diff -c -u -r1.16 -r1.17
+--- a/libexif/exif-utils.c 27 Oct 2009 06:06:11 -0000 1.16
++++ b/libexif/exif-utils.c 12 Jul 2012 17:11:30 -0000 1.17
+@@ -239,7 +239,7 @@
+ break;
+ }
+ } else {
+- if (maxlen > 2) {
++ if (maxlen > 3) {
+ *out++ = ((*in >> 12) & 0x0F) | 0xE0;
+ *out++ = ((*in >> 6) & 0x3F) | 0x80;
+ *out++ = (*in++ & 0x3F) | 0x80;
diff --git a/meta/recipes-support/libexif/libexif_0.6.20.bb b/meta/recipes-support/libexif/libexif_0.6.20.bb
index 6affc9e..757163b 100644
--- a/meta/recipes-support/libexif/libexif_0.6.20.bb
+++ b/meta/recipes-support/libexif/libexif_0.6.20.bb
@@ -11,7 +11,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \
file://0002-libexif-CVE-2012-2812.patch \
file://0003-libexif-CVE-2012-2841.patch \
file://0004-libexif-CVE-2012-2836.patch \
- file://0005-libexif-CVE-2012-2837.patch"
+ file://0005-libexif-CVE-2012-2837.patch \
+ file://0006-libexif-CVE-2012-2840.patch"
SRC_URI[md5sum] = "19844ce6b5d075af16f0d45de1e8a6a3"
SRC_URI[sha256sum] = "a772d20bd8fb9802d7f0d70fde6ac8872f87d0c66c52b0d14026dafcaa83d715"
--
1.8.1.2.545.g2f19ada
More information about the Openembedded-core
mailing list