projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 91b150d) | patch
package/exiv2: fix CVE-2019-20421
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 29 Feb 2020 21:32:04 +0000 (22:32 +0100)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sat, 29 Feb 2020 22:20:35 +0000 (23:20 +0100)
commitd8be0e4cd4c2c21d601e9d425f9bee1349c4589d
tree3b7afa468fb3277060effd33cb7c0abb98071fd9tree
parent91b150dc33841be13a2085d52c312dafe0b87767commit | diff
package/exiv2: fix CVE-2019-20421

In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input
file can result in an infinite loop and hang, with high CPU consumption.
Remote attackers could leverage this vulnerability to cause a denial of
service via a crafted file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/exiv2/0002-fix_1011_jp2_readmetadata_loop.patch [new file with mode: 0644] blob
package/exiv2/exiv2.mk diff | blob | history