File CVE-2021-37620.patch of Package exiv2.26842
From 2e7bb581a234bfb0d0c9e16a1dbf037a8c30681e Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Sat, 10 Jul 2021 10:42:24 +0100
Subject: [PATCH] Check that `type` isn't an empty string.
---
src/value.cpp | 3 +++
1 file changed, 3 insertions(+)
Index: exiv2-0.26/src/value.cpp
===================================================================
--- exiv2-0.26.orig/src/value.cpp
+++ exiv2-0.26/src/value.cpp
@@ -666,6 +666,9 @@ namespace Exiv2 {
if (buf.length() > 5 && buf.substr(0, 5) == "type=") {
std::string::size_type pos = buf.find_first_of(' ');
type = buf.substr(5, pos-5);
+ if (type.empty()) {
+ throw Error(kerInvalidXmpText, type);
+ }
// Strip quotes (so you can also specify the type without quotes)
if (type[0] == '"') type = type.substr(1);
if (type[type.length()-1] == '"') type = type.substr(0, type.length()-1);