jhead: fix CVE-2018-16554 CVE-2018-17088 CVE-2018-6612
This commit is contained in:
parent
da5b8933f2
commit
72e31d63a7
4 changed files with 71 additions and 1 deletions
20
srcpkgs/jhead/patches/CVE-2018-16554.patch
Normal file
20
srcpkgs/jhead/patches/CVE-2018-16554.patch
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
From: Ludovic Rousseau <rousseau@debian.org>
|
||||||
|
Date: Sat Sep 8 16:19:07 CEST 2018
|
||||||
|
Subject: fix heap buffer overflow
|
||||||
|
|
||||||
|
Bug-Debian: https://bugs.debian.org/908176
|
||||||
|
Description: Fix CVE-2018-16554
|
||||||
|
|
||||||
|
--- gpsinfo.c
|
||||||
|
+++ gpsinfo.c
|
||||||
|
@@ -162,7 +162,8 @@
|
||||||
|
break;
|
||||||
|
|
||||||
|
case TAG_GPS_ALT:
|
||||||
|
- sprintf(ImageInfo.GpsAlt + 1, "%.2fm",
|
||||||
|
+ snprintf(ImageInfo.GpsAlt + 1, sizeof(ImageInfo.GpsAlt) -1,
|
||||||
|
+ "%.2fm",
|
||||||
|
ConvertAnyFormat(ValuePtr, Format));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
27
srcpkgs/jhead/patches/CVE-2018-17088.patch
Normal file
27
srcpkgs/jhead/patches/CVE-2018-17088.patch
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
From: Ludovic Rousseau <rousseau@debian.org>
|
||||||
|
Date: Wed Sep 5 15:32:00 CEST 2018
|
||||||
|
Subject: Fix heap buffer overflow
|
||||||
|
|
||||||
|
Bug-Debian: http://bugs.debian.org/907925
|
||||||
|
Description: Fix CVE-2018-17088
|
||||||
|
|
||||||
|
--- gpsinfo.c
|
||||||
|
+++ gpsinfo.c
|
||||||
|
@@ -4,6 +4,7 @@
|
||||||
|
// Matthias Wandel, Dec 1999 - Dec 2002
|
||||||
|
//--------------------------------------------------------------------------
|
||||||
|
#include "jhead.h"
|
||||||
|
+#include <stdint.h>
|
||||||
|
|
||||||
|
#define MAX_GPS_TAG 0x1e
|
||||||
|
|
||||||
|
@@ -101,7 +102,7 @@
|
||||||
|
unsigned OffsetVal;
|
||||||
|
OffsetVal = Get32u(DirEntry+8);
|
||||||
|
// If its bigger than 4 bytes, the dir entry contains an offset.
|
||||||
|
- if (OffsetVal+ByteCount > ExifLength){
|
||||||
|
+ if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
|
||||||
|
// Bogus pointer offset and / or bytecount value
|
||||||
|
ErrNonfatal("Illegal value pointer for Exif gps tag %04x", Tag,0);
|
||||||
|
continue;
|
||||||
|
|
23
srcpkgs/jhead/patches/CVE-2018-6612.patch
Normal file
23
srcpkgs/jhead/patches/CVE-2018-6612.patch
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
From: Ludovic Rousseau <rousseau@debian.org>
|
||||||
|
Date: Sat, 3 Feb 2018 10:23:09 +0100
|
||||||
|
Subject: Fix heap buffer overflow
|
||||||
|
|
||||||
|
Bug-Debian: http://bugs.debian.org/889272
|
||||||
|
|
||||||
|
---
|
||||||
|
exif.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/exif.c b/exif.c
|
||||||
|
index bcde6c8..1dee145 100644
|
||||||
|
--- exif.c
|
||||||
|
+++ exif.c
|
||||||
|
@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, unsigned int length)
|
||||||
|
|
||||||
|
FirstOffset = Get32u(ExifSection+12);
|
||||||
|
if (FirstOffset < 8 || FirstOffset > 16){
|
||||||
|
- if (FirstOffset < 16 || FirstOffset > length-16){
|
||||||
|
+ if (FirstOffset < 16 || length < 16 || FirstOffset > length-16){
|
||||||
|
ErrNonfatal("invalid offset for first Exif IFD value",0,0);
|
||||||
|
return;
|
||||||
|
}
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'jhead'
|
# Template file for 'jhead'
|
||||||
pkgname=jhead
|
pkgname=jhead
|
||||||
version=3.00
|
version=3.00
|
||||||
revision=3
|
revision=4
|
||||||
build_style=gnu-makefile
|
build_style=gnu-makefile
|
||||||
short_desc="Display and manipulate EXIF header of JPEG images"
|
short_desc="Display and manipulate EXIF header of JPEG images"
|
||||||
maintainer="Oliver Kiddle <okiddle@yahoo.co.uk>"
|
maintainer="Oliver Kiddle <okiddle@yahoo.co.uk>"
|
||||||
|
|
Loading…
Reference in a new issue