Overview

File CVE-2021-37621.patch of Package exiv2.30966

From 191cd2690608f19335d82ed2be36c7ce8bdc60b9 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Tue, 13 Jul 2021 22:50:16 +0100
Subject: [PATCH] dirLength == 0 can cause an infinite loop.

---
 src/image.cpp | 2 ++
 1 file changed, 2 insertions(+)

Index: exiv2-0.26/src/image.cpp
===================================================================
--- exiv2-0.26.orig/src/image.cpp
+++ exiv2-0.26/src/image.cpp
@@ -33,6 +33,7 @@ EXIV2_RCSID("@(#) $Id$")
 #include "image_int.hpp"
 #include "error.hpp"
 #include "futils.hpp"
+#include "enforce.hpp"
 
 #include "cr2image.hpp"
 #include "crwimage.hpp"
@@ -353,6 +354,8 @@ namespace Exiv2 {
                 throw Error(kerCorruptedMetadata);
             }
             uint16_t   dirLength = byteSwap2(dir,0,bSwap);
+            // Prevent infinite loops. (GHSA-m479-7frc-gqqg)
+            enforce(dirLength > 0, kerCorruptedMetadata);
 
             bool tooBig = dirLength > 500;
openSUSE Build Service is sponsored by
Places