diff options
-rw-r--r-- | meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch | 21 | ||||
-rw-r--r-- | meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 1 |
2 files changed, 22 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch new file mode 100644 index 0000000000..4afedf8e59 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch @@ -0,0 +1,21 @@ +From e6a0982f7cd9282052b6e3485a458d60629ffa0b Mon Sep 17 00:00:00 2001 +From: Kevin Backhouse <kevinbackhouse@github.com> +Date: Fri, 23 Apr 2021 11:44:44 +0100 +Subject: [PATCH] Add bounds check in Jp2Image::doWriteMetadata(). + +--- + src/jp2image.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/jp2image.cpp b/src/jp2image.cpp +index 1694fed27..ca8c9ddbb 100644 +--- a/src/jp2image.cpp ++++ b/src/jp2image.cpp +@@ -908,6 +908,7 @@ static void boxes_check(size_t b,size_t m) + + case kJp2BoxTypeUuid: + { ++ enforce(boxBuf.size_ >= 24, Exiv2::kerCorruptedMetadata); + if(memcmp(boxBuf.pData_ + 8, kJp2UuidExif, 16) == 0) + { + #ifdef EXIV2_DEBUG_MESSAGES diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb index 2419bab352..d5d9e62ff2 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb @@ -15,6 +15,7 @@ SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.pat file://CVE-2021-29463.patch \ file://CVE-2021-29464.patch \ file://CVE-2021-29470.patch \ + file://CVE-2021-29473.patch \ file://CVE-2021-3482.patch" S = "${WORKDIR}/${BPN}-${PV}-Source" |