rpms/exiv2
5
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2014-9449 exiv2: buffer overflow in RiffVideo::infoTagsHandler (#1178909)

Browse Source
This commit is contained in:
Rex Dieter 2015-01-05 11:27:20 -06:00
parent 0e1afd954a
commit b349f4ddba
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
exiv2-0.24-CVE-2014-9449.patch Normal file
View File

@ -0,0 +1,27 @@
diff -up exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 exiv2-0.24/src/riffvideo.cpp
--- exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 2013-12-01 06:13:42.000000000 -0600
+++ exiv2-0.24/src/riffvideo.cpp 2015-01-05 11:21:42.306728309 -0600
@@ -856,7 +856,7 @@ namespace Exiv2 {
void RiffVideo::infoTagsHandler()
{
- const long bufMinSize = 100;
+ const long bufMinSize = 10000;
DataBuf buf(bufMinSize);
buf.pData_[4] = '\0';
io_->seek(-12, BasicIo::cur);
@@ -879,10 +879,14 @@ namespace Exiv2 {
if(infoSize >= 0) {
size -= infoSize;
io_->read(buf.pData_, infoSize);
+ if(infoSize < 4)
+ buf.pData_[infoSize] = '\0';
}
if(tv)
xmpData_[exvGettext(tv->label_)] = buf.pData_;
+ else
+ continue;
}
io_->seek(cur_pos + size_external, BasicIo::beg);
} // RiffVideo::infoTagsHandler

12
exiv2.spec
View File

@ -6,13 +6,18 @@
Summary: Exif and Iptc metadata manipulation library Summary: Exif and Iptc metadata manipulation library
Name: exiv2 Name: exiv2
Version: 0.24 Version: 0.24
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://www.exiv2.org/ URL: http://www.exiv2.org/
Source0: http://www.exiv2.org/exiv2-%{version}%{?pre:-%{pre}}.tar.gz Source0: http://www.exiv2.org/exiv2-%{version}%{?pre:-%{pre}}.tar.gz
## upstream patches ## upstream patches
# CVE-2014-9449 exiv2: buffer overflow in RiffVideo::infoTagsHandler
# https://bugzilla.redhat.com/show_bug.cgi?id=1178908
# http://dev.exiv2.org/issues/960
# commit: http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263
Patch100: exiv2-0.24-CVE-2014-9449.patch
## upstreamable patches ## upstreamable patches
Patch50: exiv2-0.24-cmake_LIB_SUFFIX.patch Patch50: exiv2-0.24-cmake_LIB_SUFFIX.patch
@ -66,6 +71,8 @@ BuildArch: noarch
%prep %prep
%setup -q -n %{name}-%{version}%{?pre:-%{pre}} %setup -q -n %{name}-%{version}%{?pre:-%{pre}}
%patch100 -p1 -b .CVE-2014-9449
%patch50 -p1 -b .cmake_LIB_SUFFIX %patch50 -p1 -b .cmake_LIB_SUFFIX
%patch51 -p1 -b .cmake_mandir %patch51 -p1 -b .cmake_mandir
%patch52 -p1 -b .doxygen_config %patch52 -p1 -b .doxygen_config
@ -141,6 +148,9 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
%changelog %changelog
* Mon Jan 05 2015 Rex Dieter <rdieter@fedoraproject.org> 0.24-4
- CVE-2014-9449 exiv2: buffer overflow in RiffVideo::infoTagsHandler (#1178909)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.24-3 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.24-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild