Overview

File CVE-2021-29473.patch of Package exiv2-0_26.26888

From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Fri, 23 Apr 2021 11:44:44 +0100
Subject: [PATCH 2/2] Add bounds check in Jp2Image::doWriteMetadata().

---
 src/jp2image.cpp | 1 +
 1 file changed, 1 insertion(+)

Index: exiv2-0.26/src/jp2image.cpp
===================================================================
--- exiv2-0.26.orig/src/jp2image.cpp
+++ exiv2-0.26/src/jp2image.cpp
@@ -902,6 +902,7 @@ static void boxes_check(size_t b,size_t
 
                 case kJp2BoxTypeUuid:
                 {
+                    enforce(boxBuf.size_ >= 24, Exiv2::kerCorruptedMetadata);
                     if(memcmp(boxBuf.pData_ + 8, kJp2UuidExif, 16) == 0)
                     {
 #ifdef DEBUG
openSUSE Build Service is sponsored by
Places