packages/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!17 fix CVE-2018-9145

Browse Source 
From: @zzm_567
Reviewed-by: @orange-snn
Signed-off-by: @orange-snn
This commit is contained in:
openeuler-ci-bot 2020-09-18 16:12:55 +08:00 committed by Gitee
commit cc572f864a
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
CVE-2018-9145.patch Normal file
View File

@ -0,0 +1,27 @@
From c03f73268f65c73f9d3d7b670f13e48e92692750 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?= <roberto@connexer.com>
Date: Fri, 18 Sep 2020 14:40:36 +0800
Subject: [PATCH] Prevent SIGABRT on excessive subBox length in jp2image.cpp
This fixes CVE-2018-9145
---
src/jp2image.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index 3cebc2a..6a662fa 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -505,6 +505,10 @@ namespace Exiv2
subBox.length = getLong((byte*)&subBox.length, bigEndian);
subBox.type = getLong((byte*)&subBox.type, bigEndian);
+ // subBox.length makes no sense if it is larger than the rest of the file
+ if (subBox.length > io_->size() - io_->tell()) {
+ throw Error(kerCorruptedMetadata);
+ }
DataBuf data(subBox.length-sizeof(box));
io_->read(data.pData_,data.size_);
if ( bPrint ) {
--
2.27.0

9
exiv2.spec
View File

@ -1,6 +1,6 @@
Name: exiv2 Name: exiv2
Version: 0.26 Version: 0.26
Release: 21 Release: 22
Summary: Exif, IPTC and XMP metadata and the ICC Profile Summary: Exif, IPTC and XMP metadata and the ICC Profile
License: GPLv2+ License: GPLv2+
URL: http://www.exiv2.org/ URL: http://www.exiv2.org/
@ -57,6 +57,7 @@ Patch6024: CVE-2018-11037.patch
Patch6025: backport-Fix-ICC-profile-in-PNG-images.patch Patch6025: backport-Fix-ICC-profile-in-PNG-images.patch
Patch6026: backport-CVE-2019-13109.patch Patch6026: backport-CVE-2019-13109.patch
Patch6027: exiv2-CVE-2019-13111.patch Patch6027: exiv2-CVE-2019-13111.patch
Patch6028: CVE-2018-9145.patch
Provides: exiv2-libs Provides: exiv2-libs
Obsoletes: exiv2-libs Obsoletes: exiv2-libs
@ -120,6 +121,12 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
%{_datadir}/doc/html/ %{_datadir}/doc/html/
%changelog %changelog
* Thu Sep 17 2020 zhanzhimin <zhanzhimin@huawei.com> - 0.26-22
- Type:cves
- ID:CVE-2018-9145
- SUG:NA
- DESC:fix CVE-2018-9145
* Tue Sep 8 2020 hanhui <hanhui15@huawei.com> - 0.26.21 * Tue Sep 8 2020 hanhui <hanhui15@huawei.com> - 0.26.21
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA