package/exiv2: fix CVE-2019-17402
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 29 Feb 2020 21:32:03 +0000 (22:32 +0100)
committer Yann E. MORIN <yann.morin.1998@free.fr>
Sat, 29 Feb 2020 22:10:32 +0000 (23:10 +0100)
commit d383b46ac1efc987e7dad9b35380bf7ee154bfcc
tree 3627d6a4daaf82844a52fb0993d2fe583a415275
parent ffb50125b091a8a86985df117b71942b8a7a0484
package/exiv2: fix CVE-2019-17402

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in
types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory
in crwimage_int.cpp, because there is no validation of the relationship
of the total size to the offset and size.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/exiv2/0001-crwimage-Check-offset-and-size-against-total-size.patch [new file with mode: 0644]
package/exiv2/exiv2.mk
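
The kind of check the commit message says was missing (offset and size validated against the total size), as an added C++ example; it is not Exiv2's code and not the patch this commit adds. The simplified directory layout, all function names and the sample bytes are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
using Buf = std::vector<std::uint8_t>;
// Naive form: with 32-bit fields, offset + len can wrap and pass the test.
bool naive_in_bounds(std::uint32_t total, std::uint32_t offset, std::uint32_t len) {
    return offset + len <= total;
}

// Wrap-safe form: true only if [offset, offset + len) lies inside `total` bytes.
bool in_bounds(std::size_t total, std::size_t offset, std::size_t len) {
    return offset <= total && len <= total - offset;
}

// Little-endian u32 read that refuses to touch bytes outside the buffer.
bool read_u32le(const Buf& b, std::size_t off, std::uint32_t& out) {
    if (!in_bounds(b.size(), off, 4)) return false;
    out = 0;
    for (int i = 3; i >= 0; --i) out = (out << 8) | b[off + i];
    return true;
}

// Assumed layout (simplified): trailing u32 = directory offset; the directory
// is a u16 count followed by 10-byte entries {u16 tag, u32 size, u32 offset}.
bool validate_directory(const Buf& b) {
    std::uint32_t raw = 0;
    if (b.size() < 4 || !read_u32le(b, b.size() - 4, raw)) return false;
    const std::size_t dir = raw;
    if (!in_bounds(b.size(), dir, 2)) return false;
    const std::size_t count = b[dir] | (b[dir + 1] << 8);
    if (!in_bounds(b.size(), dir, 2 + 10 * count)) return false;
    for (std::size_t i = 0; i < count; ++i) {
        const std::size_t entry = dir + 2 + 10 * i;
        std::uint32_t size = 0, offset = 0;
        if (!read_u32le(b, entry + 2, size) || !read_u32le(b, entry + 6, offset)) return false;
        if (!in_bounds(b.size(), offset, size)) return false;  // entry data vs. total size
    }
    return true;
}

// Constructed sample: 16 data bytes, one entry, trailing directory offset (32 bytes total).
Buf make_sample(std::uint32_t size, std::uint32_t offset) {
    Buf b(16, 0xAA);
    auto put32 = [&b](std::uint32_t v) { for (int i = 0; i < 4; ++i) b.push_back((v >> (8 * i)) & 0xFF); };
    b.push_back(1); b.push_back(0);        // count = 1
    b.push_back(0x05); b.push_back(0x08);  // arbitrary tag
    put32(size); put32(offset); put32(16); // entry fields, then directory offset
    return b;
}
```

A parser that runs `validate_directory` before dereferencing any entry rejects the file instead of reading past the buffer; the naive addition is kept only to show why the comparison is written as a subtraction.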