rpms/exempi
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2020-18651

Browse Source 
Resolves: RHEL-5415
This commit is contained in:
Matej Mužila 2024-01-08 18:32:20 +01:00
parent b100201b31
commit 3d458b0bde
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
0001-CVE-2020-18651-Issue-13-Fix-a-buffer-a-overflow-in-I.patch Normal file
View File

@ -0,0 +1,41 @@
From 4f583ff12989f7cea1f81bd2751c321030f1bdbf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= <hub@figuiere.net>
Date: Sun, 28 Jul 2019 10:15:19 -0400
Subject: [PATCH] (CVE-2020-18651) Issue #13 - Fix a buffer a overflow in ID3
support
https://gitlab.freedesktop.org/libopenraw/exempi/issues/13
(cherry picked from commit fdd4765a699f9700850098b43b9798b933acb32f)
---
XMPFiles/source/FormatSupport/ID3_Support.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/XMPFiles/source/FormatSupport/ID3_Support.cpp b/XMPFiles/source/FormatSupport/ID3_Support.cpp
index dd19c16..4619079 100644
--- a/XMPFiles/source/FormatSupport/ID3_Support.cpp
+++ b/XMPFiles/source/FormatSupport/ID3_Support.cpp
@@ -669,6 +669,10 @@ bool ID3v2Frame::getFrameValue ( XMP_Uns8 majorVersion, XMP_Uns32 logicalID, std
std::string tmp ( this->content, this->contentSize );
bool bigEndian = true; // assume for now (if no BOM follows)
+ if (pos + 2 > this->contentSize) {
+ // No enough for the string
+ break;
+ }
if ( GetUns16BE ( &this->content[pos] ) == 0xFEFF ) {
pos += 2;
bigEndian = true;
@@ -686,6 +690,10 @@ bool ID3v2Frame::getFrameValue ( XMP_Uns8 majorVersion, XMP_Uns32 logicalID, std
{
if ( commMode && (! advancePastCOMMDescriptor ( pos )) ) return false; // not a frame of interest!
+ if (pos + 4 > this->contentSize) {
+ // No enough for the string
+ break;
+ }
if ( (GetUns32BE ( &this->content[pos]) & 0xFFFFFF00 ) == 0xEFBBBF00 ) {
pos += 3; // swallow any BOM, just in case
}
--
2.41.0

8
exempi.spec
View File

@ -1,12 +1,13 @@
Summary: Library for easy parsing of XMP metadata Summary: Library for easy parsing of XMP metadata
Name: exempi Name: exempi
Version: 2.4.5 Version: 2.4.5
Release: 2%{?dist} Release: 3%{?dist}
License: BSD License: BSD
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://libopenraw.freedesktop.org/wiki/Exempi URL: http://libopenraw.freedesktop.org/wiki/Exempi
Source0: http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2 Source0: http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2
Patch0: CVE-2018-12648.patch Patch0: CVE-2018-12648.patch
Patch0001: 0001-CVE-2020-18651-Issue-13-Fix-a-buffer-a-overflow-in-I.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: boost-devel expat-devel zlib-devel pkgconfig BuildRequires: boost-devel expat-devel zlib-devel pkgconfig
# Work around for aarch64 support (https://bugzilla.redhat.com/show_bug.cgi?id=925327) # Work around for aarch64 support (https://bugzilla.redhat.com/show_bug.cgi?id=925327)
@ -31,6 +32,7 @@ developing with exempi.
%prep %prep
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1
%build %build
libtoolize -vi libtoolize -vi
@ -69,6 +71,10 @@ rm -rf %{buildroot}%{_libdir}/*.a
%{_libdir}/pkgconfig/*.pc %{_libdir}/pkgconfig/*.pc
%changelog %changelog
* Mon Jan 08 2024 Matej Mužila <mmuzila@redhat.com> - 2.4.5-3
- Fix CVE-2020-18651
- Resolves: RHEL-5415
* Wed Sep 26 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-2 * Wed Sep 26 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-2
- Fix CVE-2018-12648 - Fix CVE-2018-12648
Resolves #1594644 Resolves #1594644