[OE-core] [denzil 07/18] Security Advisory - libexif - CVE-2012-2840

Thu, 07 Feb 2013 15:31:31 -0800 

From: Yue Tao <yue....@windriver.com>

[ CQID: WIND00366793 ]

Off-by-one error in the exif_convert_utf16_to_utf8 function in
exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before
0.6.21 allows remote attackers to cause a denial of service or
possibly execute arbitrary code via crafted EXIF tags in an image.

Signed-off-by: Yue Tao <yue....@windriver.com>
Signed-off-by: Robert Yang <liezhi.y...@windriver.com>
Signed-off-by: Mark Hatle <mark.ha...@windriver.com>
---
 .../libexif/libexif/0006-libexif-CVE-2012-2840.patch    | 17 +++++++++++++++++
 meta/recipes-support/libexif/libexif_0.6.20.bb          |  3 ++-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch

diff --git 
a/meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch 
b/meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch
new file mode 100644
index 0000000..81c5821
--- /dev/null
+++ b/meta/recipes-support/libexif/libexif/0006-libexif-CVE-2012-2840.patch
@@ -0,0 +1,17 @@
+Index: libexif/exif-utils.c
+===================================================================
+RCS file: /cvsroot/libexif/libexif/libexif/exif-utils.c,v
+retrieving revision 1.16
+retrieving revision 1.17
+diff -c -u -r1.16 -r1.17
+--- a/libexif/exif-utils.c     27 Oct 2009 06:06:11 -0000      1.16
++++ b/libexif/exif-utils.c     12 Jul 2012 17:11:30 -0000      1.17
+@@ -239,7 +239,7 @@
+                               break;
+                       }
+               } else {
+-                      if (maxlen > 2) {
++                      if (maxlen > 3) {
+                               *out++ = ((*in >> 12) & 0x0F) | 0xE0;
+                               *out++ = ((*in >> 6) & 0x3F) | 0x80;
+                               *out++ = (*in++ & 0x3F) | 0x80;
diff --git a/meta/recipes-support/libexif/libexif_0.6.20.bb 
b/meta/recipes-support/libexif/libexif_0.6.20.bb
index 6affc9e..757163b 100644
--- a/meta/recipes-support/libexif/libexif_0.6.20.bb
+++ b/meta/recipes-support/libexif/libexif_0.6.20.bb
@@ -11,7 +11,8 @@ SRC_URI = 
"${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \
          file://0002-libexif-CVE-2012-2812.patch \
          file://0003-libexif-CVE-2012-2841.patch \
          file://0004-libexif-CVE-2012-2836.patch \
-         file://0005-libexif-CVE-2012-2837.patch"
+         file://0005-libexif-CVE-2012-2837.patch \
+         file://0006-libexif-CVE-2012-2840.patch"
 
 SRC_URI[md5sum] = "19844ce6b5d075af16f0d45de1e8a6a3"
 SRC_URI[sha256sum] = 
"a772d20bd8fb9802d7f0d70fde6ac8872f87d0c66c52b0d14026dafcaa83d715"
-- 
1.8.1.2.545.g2f19ada


_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Reply via email to