File bug-771229_CVE-2012-2840.patch of Package libexif.648
Update of /cvsroot/libexif/libexif/libexif
In directory vz-cvs-4.sog:/tmp/cvs-serv18116/libexif
Modified Files:
exif-utils.c
Log Message:
Fixed an off-by-one error in exif_convert_utf16_to_utf8()
This can cause a one-byte NUL write past the end of the buffer.
This fixes CVE-2012-2840
Index: exif-utils.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-utils.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- libexif/exif-utils.c 27 Oct 2009 06:06:11 -0000 1.16
+++ libexif/exif-utils.c 12 Jul 2012 17:11:30 -0000 1.17
@@ -239,7 +239,7 @@
break;
}
} else {
- if (maxlen > 2) {
+ if (maxlen > 3) {
*out++ = ((*in >> 12) & 0x0F) | 0xE0;
*out++ = ((*in >> 6) & 0x3F) | 0x80;
*out++ = (*in++ & 0x3F) | 0x80;
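Review bot: the new guard `if (maxlen > 3)` on the three-byte branch carries no comment explaining why the bound is 3, which makes the off-by-one easy to reintroduce. The branch stores three bytes through `*out++`, so the check needs room for those three plus the terminating NUL that the log message says was written past the end of the buffer. A short comment such as `/* 3 output bytes + NUL terminator */` next to the condition would make that invariant visible. The hunk touches only this branch, so please confirm that the shorter-encoding branches above the `} else {` (not shown in this context) reserve the terminator byte the same way. A regression test with an output buffer that is exactly full would also help.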
_______________________________________________
libexif-cvs mailing list
libexif-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libexif-cvs