Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
exiv2.7392
CVE-2017-11591.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-11591.patch of Package exiv2.7392
From 70e15f50fa2f8ebb2bf0661923a0fb6911bcc3c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com> Date: Tue, 26 Sep 2017 22:57:59 +0200 Subject: [PATCH 1/9] Added missing include for INT_MIN & INT_MAX constants (cherry picked from commit d4e7510f7c11186bedddc071e5c6ad6ade473da9) --- include/exiv2/value.hpp | 1 + 1 file changed, 1 insertion(+) diff --git a/include/exiv2/value.hpp b/include/exiv2/value.hpp index 831eab3f..cbd9e6c8 100644 --- a/include/exiv2/value.hpp +++ b/include/exiv2/value.hpp @@ -44,6 +44,7 @@ #include <sstream> #include <memory> #include <cstring> +#include <climits> // ***************************************************************************** // namespace extensions -- 2.14.1 From df7f9b2829dfb47c741ddf05ddf7706213733e4b Mon Sep 17 00:00:00 2001 From: clanmills <robin@clanmills.com> Date: Tue, 26 Sep 2017 21:37:53 +0100 Subject: [PATCH 2/9] =?UTF-8?q?Fix=20https://github.com/Exiv2/exiv2/issues?= =?UTF-8?q?/55=20=20Thank=20You,=20Rapha=C3=ABl=20Hertzog.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit c037d7377bc7bd63acc3f240101ff44002d19027) --- include/exiv2/value.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/exiv2/value.hpp b/include/exiv2/value.hpp index cbd9e6c8..8e1fcff6 100644 --- a/include/exiv2/value.hpp +++ b/include/exiv2/value.hpp @@ -1662,7 +1662,7 @@ namespace Exiv2 { template<> inline long ValueType<Rational>::toLong(long n) const { - ok_ = (value_[n].second != 0); + ok_ = (value_[n].second != 0 && INT_MIN < value_[n].first && value_[n].first < INT_MAX ); if (!ok_) return 0; return value_[n].first / value_[n].second; } -- 2.14.1 From f2712004d89cc556af8b45cb714e2316025092a8 Mon Sep 17 00:00:00 2001 From: clanmills <robin@clanmills.com> Date: Wed, 27 Sep 2017 09:20:13 +0100 Subject: [PATCH 3/9] Fix https://github.com/Exiv2/exiv2/issues/55 (cherry picked from commit 6e3855aed7ba8bb4731fc4087ca7f9078b2f3d97) --- include/exiv2/value.hpp | 6 ++++-- src/basicio.cpp | 1 + src/error.cpp | 7 ++++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/include/exiv2/value.hpp b/include/exiv2/value.hpp index 8e1fcff6..27553f14 100644 --- a/include/exiv2/value.hpp +++ b/include/exiv2/value.hpp @@ -1658,11 +1658,13 @@ namespace Exiv2 { ok_ = true; return static_cast<long>(value_[n]); } +// #55 crash when value_[n].first == LONG_MIN +#define LARGE_INT 1000000 // Specialization for rational template<> inline long ValueType<Rational>::toLong(long n) const { - ok_ = (value_[n].second != 0 && INT_MIN < value_[n].first && value_[n].first < INT_MAX ); + ok_ = (value_[n].second != 0 && -LARGE_INT < value_[n].first && value_[n].first < LARGE_INT); if (!ok_) return 0; return value_[n].first / value_[n].second; } @@ -1670,7 +1672,7 @@ namespace Exiv2 { template<> inline long ValueType<URational>::toLong(long n) const { - ok_ = (value_[n].second != 0); + ok_ = (value_[n].second != 0 && value_[n].first < LARGE_INT); if (!ok_) return 0; return value_[n].first / value_[n].second; } diff --git a/src/basicio.cpp b/src/basicio.cpp index a829690c..a6bfa11d 100644 --- a/src/basicio.cpp +++ b/src/basicio.cpp @@ -1035,6 +1035,7 @@ namespace Exiv2 { DataBuf FileIo::read(long rcount) { assert(p_->fp_ != 0); + if ( (size_t) rcount > size() ) throw Error(57); DataBuf buf(rcount); long readCount = read(buf.pData_, buf.size_); buf.size_ = readCount; diff --git a/src/error.cpp b/src/error.cpp index b7472b78..dcdde2ed 100644 --- a/src/error.cpp +++ b/src/error.cpp @@ -105,7 +105,12 @@ namespace { { 49, N_("TIFF directory %1 has too many entries") }, // %1=TIFF directory name { 50, N_("Multiple TIFF array element tags %1 in one directory") }, // %1=tag number { 51, N_("TIFF array element tag %1 has wrong type") }, // %1=tag number - { 52, N_("%1 has invalid XMP value type `%2'") } // %1=key, %2=value type + { 52, N_("%1 has invalid XMP value type `%2'") }, // %1=key, %2=value type + { 53, N_("Not a valid ICC Profile") }, + { 54, N_("Not valid XMP") }, + { 55, N_("tiff directory length is too large") }, + { 56, N_("invalid type value detected in Image::printIFDStructure") }, + { 57, N_("invalid memory allocation request") }, }; } -- 2.14.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor