main/libexif: security fix (CVE-2017-7544)

Fixes #9521
author: Leonardo Arena <rnalrd@alpinelinux.org> 2018-10-08 13:45:08 +0000
committer: Leonardo Arena <rnalrd@alpinelinux.org> 2018-10-08 13:45:08 +0000
commit: 9d34941961856b21028cb4a838a1218a8edf332b (patch)
tree: ff607eea0ac36d3b613354644730fb3d77553a3b /main/libexif/CVE-2017-7544.patch
parent: f673b89cd43dc3fe12a443558e82318ed03fb6ef (diff)
download: aports-9d34941961856b21028cb4a838a1218a8edf332b.tar.bz2
aports-9d34941961856b21028cb4a838a1218a8edf332b.tar.xz
1 files changed, 20 insertions, 0 deletions
diff --git a/main/libexif/CVE-2017-7544.patch b/main/libexif/CVE-2017-7544.patch
new file mode 100644
index 0000000000..b8825e1385
--- /dev/null
+++ b/main/libexif/CVE-2017-7544.patch
@@ -0,0 +1,20 @@
+Index: libexif/exif-data.c
+===================================================================
+RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
+retrieving revision 1.131
+diff -u -r1.131 exif-data.c
+--- a/libexif/exif-data.c	12 Jul 2012 17:28:26 -0000	1.131
++++ b/libexif/exif-data.c	25 Jul 2017 21:34:06 -0000
+@@ -255,6 +255,12 @@
+ 			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
+ 			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
+ 			e->components = e->size;
++			if (exif_format_get_size (e->format) != 1) {
++				/* e->format is taken from input code,
++				 * but we need to make sure it is a 1 byte
++				 * entity due to the multiplication below. */
++				e->format = EXIF_FORMAT_UNDEFINED;
++			}
+ 		}
+ 	}
+
author	Leonardo Arena <rnalrd@alpinelinux.org>	2018-10-08 13:45:08 +0000
committer	Leonardo Arena <rnalrd@alpinelinux.org>	2018-10-08 13:45:08 +0000
commit	9d34941961856b21028cb4a838a1218a8edf332b (patch)
tree	ff607eea0ac36d3b613354644730fb3d77553a3b /main/libexif/CVE-2017-7544.patch
parent	f673b89cd43dc3fe12a443558e82318ed03fb6ef (diff)
download	aports-9d34941961856b21028cb4a838a1218a8edf332b.tar.bz2 aports-9d34941961856b21028cb4a838a1218a8edf332b.tar.xz