packages/freeimage
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freeimage/CVE-2021-33367.patch

19 lines
975 B
Diff
Raw Normal View History

Fix CVE-2020-24292 CVE-2020-24293 CVE-2020-24295 CVE-2021-33367 CVE-2021-40263 CVE-2021-40266 CVE-2023-47995 CVE-2023-47997
2024-10-24 19:59:32 +08:00
Origin: https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2023-33367.patch
diff -rupN --no-dereference freeimage-svn-r1909-FreeImage-trunk/Source/Metadata/Exif.cpp freeimage-svn-r1909-FreeImage-trunk-new/Source/Metadata/Exif.cpp
--- freeimage-svn-r1909-FreeImage-trunk/Source/Metadata/Exif.cpp 2024-10-23 09:59:54.487770330 +0800
+++ freeimage-svn-r1909-FreeImage-trunk/Source/Metadata/Exif.cpp 2024-10-23 10:01:14.995770330 +0800
@@ -720,7 +720,12 @@ jpeg_read_exif_dir(FIBITMAP *dib, const
const WORD entriesCount0th = ReadUint16(msb_order, ifd0th);
- DWORD next_offset = ReadUint32(msb_order, DIR_ENTRY_ADDR(ifd0th, entriesCount0th));
+ const BYTE* de_addr = DIR_ENTRY_ADDR(ifd0th, entriesCount0th);
+ if(de_addr+4 >= (BYTE*)(dwLength + ifd0th - tiffp)) {
+ return TRUE; //< no thumbnail
+ }
+
+ DWORD next_offset = ReadUint32(msb_order, de_addr);
if((next_offset == 0) || (next_offset >= dwLength)) {
return TRUE; //< no thumbnail
}
Reference in New Issue Copy Permalink