File CVE-2018-17581.patch of Package exiv2.26214
Index: exiv2-0.23/src/crwimage.cpp
===================================================================
--- exiv2-0.23.orig/src/crwimage.cpp
+++ exiv2-0.23/src/crwimage.cpp
@@ -456,6 +456,8 @@ namespace Exiv2 {
uint32_t size,
ByteOrder byteOrder)
{
+ if (size < 4)
+ throw Error(33);
uint32_t o = getULong(pData + size - 4, byteOrder);
if (o + 2 > size) throw Error(33);
uint16_t count = getUShort(pData + o, byteOrder);
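Review bot: The context check `if (o + 2 > size)` directly after the new `size < 4` guard is evaluated in uint32_t, so an offset near UINT32_MAX read from the file wraps to a small value and passes, and `getUShort(pData + o, byteOrder)` then reads outside the buffer. With `size >= 4` now guaranteed, the subtraction form cannot wrap: `if (o > size - 2) throw Error(33);`. The check added in the second hunk, `(o + (count * 10)) > size`, has the same additive shape and is safer written as `if (o > size || count * 10u > size - o) throw Error(33);`. The function's signature starts above this hunk, so the caller's guarantees about `size` are not visible here.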
@@ -464,8 +466,10 @@ namespace Exiv2 {
<<", " << count << " entries \n";
#endif
o += 2;
+ if ( (o + (count * 10)) > size )
+ throw Error(33);
+
for (uint16_t i = 0; i < count; ++i) {
- if (o + 10 > size) throw Error(33);
uint16_t tag = getUShort(pData + o, byteOrder);
CiffComponent::AutoPtr m;
switch (CiffComponent::typeId(tag)) {
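Review bot: The pre-loop bound replaces the removed per-entry check, so it is the only guard left and it holds only if every iteration advances `o` by exactly 10 bytes. The loop body continues past the end of this hunk, so that stride cannot be confirmed from here. A comment above the new check would record the dependency, for example `// each directory entry is 10 bytes; the loop below must advance o by 10 per entry`. Giving the literal 10 a name would keep the bound and the loop stride in step if the entry layout is ever touched.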