packages/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!78 Fix CVE-2024-39695

Browse Source 
From: @starlet-dx 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001
This commit is contained in:
openeuler-ci-bot 2024-07-09 06:12:48 +00:00 committed by Gitee
commit 1ad8667c42
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
backport-CVE-2024-39695.patch Normal file
View File

@ -0,0 +1,54 @@
From 3a28346db5ae1735a8728fe3491b0aecc1dbf387 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Thu, 4 Jul 2024 00:04:32 +0100
Subject: [PATCH] Credit to OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68210 Use readOrThrow()
to detect premature EOF.
(cherry picked from commit fc1fe453a246cb8e188bbc226b48b339d5f81580)
---
src/asfvideo.cpp | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/asfvideo.cpp b/src/asfvideo.cpp
index ab1ad4a591..1cec3854c9 100644
--- a/src/asfvideo.cpp
+++ b/src/asfvideo.cpp
@@ -238,7 +238,7 @@ void AsfVideo::readMetadata() {
AsfVideo::HeaderReader::HeaderReader(const BasicIo::UniquePtr& io) : IdBuf_(GUID) {
if (io->size() >= io->tell() + GUID + QWORD) {
- IdBuf_ = io->read(GUID);
+ io->readOrThrow(IdBuf_.data(), IdBuf_.size(), Exiv2::ErrorCode::kerCorruptedMetadata);
size_ = readQWORDTag(io);
if (size_ >= GUID + QWORD)
@@ -296,7 +296,7 @@ void AsfVideo::decodeBlock() {
void AsfVideo::decodeHeader() {
DataBuf nbHeadersBuf(DWORD + 1);
- io_->read(nbHeadersBuf.data(), DWORD);
+ io_->readOrThrow(nbHeadersBuf.data(), DWORD, Exiv2::ErrorCode::kerCorruptedMetadata);
uint32_t nb_headers = Exiv2::getULong(nbHeadersBuf.data(), littleEndian);
Internal::enforce(nb_headers < std::numeric_limits<uint32_t>::max(), Exiv2::ErrorCode::kerCorruptedMetadata);
@@ -358,7 +358,8 @@ void AsfVideo::DegradableJPEGMedia() {
}
void AsfVideo::streamProperties() {
- DataBuf streamTypedBuf = io_->read(GUID);
+ DataBuf streamTypedBuf(GUID);
+ io_->readOrThrow(streamTypedBuf.data(), streamTypedBuf.size(), Exiv2::ErrorCode::kerCorruptedMetadata);
enum class streamTypeInfo { Audio = 1, Video = 2 };
auto stream = static_cast<streamTypeInfo>(0);
@@ -476,7 +477,8 @@ void AsfVideo::contentDescription() {
} // AsfVideo::extendedContentDescription
void AsfVideo::fileProperties() {
- DataBuf FileIddBuf = io_->read(GUID);
+ DataBuf FileIddBuf(GUID);
+ io_->readOrThrow(FileIddBuf.data(), FileIddBuf.size(), Exiv2::ErrorCode::kerCorruptedMetadata);
xmpData()["Xmp.video.FileID"] = GUIDTag(FileIddBuf.data()).to_string();
xmpData()["Xmp.video.FileLength"] = readQWORDTag(io_);
xmpData()["Xmp.video.CreationDate"] = readQWORDTag(io_);

7
exiv2.spec
View File

@ -1,10 +1,12 @@
Name: exiv2 Name: exiv2
Version: 0.28.2 Version: 0.28.2
Release: 1 Release: 2
Summary: Exif, IPTC and XMP metadata and the ICC Profile Summary: Exif, IPTC and XMP metadata and the ICC Profile
License: GPLv2+ License: GPLv2+
URL: http://www.exiv2.org/ URL: http://www.exiv2.org/
Source0: https://github.com/Exiv2/exiv2/archive/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/Exiv2/exiv2/archive/v%{version}/%{name}-%{version}.tar.gz
# https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387
Patch3000: backport-CVE-2024-39695.patch
Provides: exiv2-libs = %{version}-%{release} Provides: exiv2-libs = %{version}-%{release}
Obsoletes: exiv2-libs < %{version}-%{release} Obsoletes: exiv2-libs < %{version}-%{release}
@ -74,6 +76,9 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
%{_pkgdocdir}/ %{_pkgdocdir}/
%changelog %changelog
* Tue Jul 09 2024 yaoxin <yao_xin001@hoperun.com> - 0.28.2-2
- Fix CVE-2024-39695
* Sat Feb 17 2024 yaoxin <yao_xin001@hoperun.com> - 0.28.2-1 * Sat Feb 17 2024 yaoxin <yao_xin001@hoperun.com> - 0.28.2-1
- Upgrade to 0.28.2 for fix CVE-2024-25112 and CVE-2024-24826 - Upgrade to 0.28.2 for fix CVE-2024-25112 and CVE-2024-24826