File CVE-2021-29473.patch of Package exiv2-0_26.26888
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Fri, 23 Apr 2021 11:44:44 +0100
Subject: [PATCH 2/2] Add bounds check in Jp2Image::doWriteMetadata().
---
src/jp2image.cpp | 1 +
1 file changed, 1 insertion(+)
Index: exiv2-0.26/src/jp2image.cpp
===================================================================
--- exiv2-0.26.orig/src/jp2image.cpp
+++ exiv2-0.26/src/jp2image.cpp
@@ -902,6 +902,7 @@ static void boxes_check(size_t b,size_t
case kJp2BoxTypeUuid:
{
+ enforce(boxBuf.size_ >= 24, Exiv2::kerCorruptedMetadata);
if(memcmp(boxBuf.pData_ + 8, kJp2UuidExif, 16) == 0)
{
#ifdef DEBUG