rpms/libexif
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix integer underflow in MakerNote decoding (CVE-2026-40386)

Browse Source 
Resolves: RHEL-170241
This commit is contained in:
Jan Grulich 2026-05-07 08:21:29 +00:00
parent eedde89516
commit ccc61e70ee
2 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
fixed-2-unsigned-integer-underflows.patch Normal file
View File

@ -0,0 +1,41 @@
From dc6eac6e9655d14d0779d99e82d0f5f442d2f34b Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Thu, 2 Apr 2026 13:26:31 +0200
Subject: [PATCH] fixed 2 unsigned integer underflows
this could cause crashes or data leaks.
Reported-by: Kerwin <kerwinxia66001@gmail.com>
---
libexif/fuji/exif-mnote-data-fuji.c | 2 +-
libexif/olympus/exif-mnote-data-olympus.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c
index c28c541..2dcb877 100644
--- a/libexif/fuji/exif-mnote-data-fuji.c
+++ b/libexif/fuji/exif-mnote-data-fuji.c
@@ -70,7 +70,7 @@ exif_mnote_data_fuji_get_value (ExifMnoteData *d, unsigned int i, char *val, uns
ExifMnoteDataFuji *n = (ExifMnoteDataFuji *) d;
if (!d || !val) return NULL;
- if (i > n->count -1) return NULL;
+ if (i >= n->count) return NULL;
/*
exif_log (d->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataFuji",
"Querying value for tag '%s'...",
diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c
index a57af17..428f365 100644
--- a/libexif/olympus/exif-mnote-data-olympus.c
+++ b/libexif/olympus/exif-mnote-data-olympus.c
@@ -78,7 +78,7 @@ exif_mnote_data_olympus_get_value (ExifMnoteData *d, unsigned int i, char *val,
ExifMnoteDataOlympus *n = (ExifMnoteDataOlympus *) d;
if (!d || !val) return NULL;
- if (i > n->count -1) return NULL;
+ if (i >= n->count) return NULL;
/*
exif_log (d->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Querying value for tag '%s'...",
--
2.53.0

10
libexif.spec
View File

@ -1,11 +1,15 @@
Summary: Library for extracting extra information from image files
Name: libexif
Version: 0.6.24
Release: 9%{?dist}
Release: 10%{?dist}
License: LGPL-2.1-or-later
URL: https://libexif.github.io/
Source0: https://github.com/libexif/libexif/releases/download/v%{version}/libexif-%{version}.tar.bz2
# CVE-2026-40386
# https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b
Patch: fixed-2-unsigned-integer-underflows.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: doxygen
@ -74,6 +78,10 @@ rm -rf %{buildroot}%{_datadir}/doc/libexif
%changelog
* Thu May 07 2026 Jan Grulich <jgrulich@redhat.com> - 0.6.24-10
- Fix integer underflow in MakerNote decoding (CVE-2026-40386)
Resolves: RHEL-170241
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.6.24-9
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018