diff options
author | Fabian Affolter <fabian@affolter-engineering.ch> | 2015-01-23 15:06:05 +0000 |
---|---|---|
committer | Fabian Affolter <fabian@affolter-engineering.ch> | 2015-03-11 14:33:14 +0000 |
commit | 55a409eb486ade654cef90cc060689b462643c6c (patch) | |
tree | 2f68757420b771cbf4e3c84cd11141ff93659432 | |
parent | b7b18fc0ecc10a20b3363498cf83ffd3c0e34f87 (diff) | |
download | aports-55a409eb486ade654cef90cc060689b462643c6c.tar.bz2 aports-55a409eb486ade654cef90cc060689b462643c6c.tar.xz |
main/exiv2: add patch to fix CVE-2014-9449
-rw-r--r-- | main/exiv2/exiv2-0.24-CVE-2014-9449.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/main/exiv2/exiv2-0.24-CVE-2014-9449.patch b/main/exiv2/exiv2-0.24-CVE-2014-9449.patch new file mode 100644 index 000000000..cf1b46fbf --- /dev/null +++ b/main/exiv2/exiv2-0.24-CVE-2014-9449.patch @@ -0,0 +1,27 @@ +diff -up exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 exiv2-0.24/src/riffvideo.cpp +--- exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 2013-12-01 06:13:42.000000000 -0600 ++++ exiv2-0.24/src/riffvideo.cpp 2015-01-05 11:21:42.306728309 -0600 +@@ -856,7 +856,7 @@ namespace Exiv2 { + + void RiffVideo::infoTagsHandler() + { +- const long bufMinSize = 100; ++ const long bufMinSize = 10000; + DataBuf buf(bufMinSize); + buf.pData_[4] = '\0'; + io_->seek(-12, BasicIo::cur); +@@ -879,10 +879,14 @@ namespace Exiv2 { + if(infoSize >= 0) { + size -= infoSize; + io_->read(buf.pData_, infoSize); ++ if(infoSize < 4) ++ buf.pData_[infoSize] = '\0'; + } + + if(tv) + xmpData_[exvGettext(tv->label_)] = buf.pData_; ++ else ++ continue; + } + io_->seek(cur_pos + size_external, BasicIo::beg); + } // RiffVideo::infoTagsHandler |