File CVE-2018-6612.patch of Package jhead.9036
From: Ludovic Rousseau <rousseau@debian.org>
Date: Sat, 3 Feb 2018 10:23:09 +0100
Subject: Fix heap buffer overflow
Upstream: dead
Bug-Debian: http://bugs.debian.org/889272
Fixed an integer underflow bug in the process_EXIF function of
the exif.c file of raises a heap-based buffer over-read when processing a
malicious JPEGfile, which may allow a remote attacker to cause a DoS
CVE-2018-6612 boo#1079349
--- jhead-3.00.orig/exif.c
+++ jhead-3.00/exif.c
@@ -1019,7 +1019,7 @@ void process_EXIF (unsigned char * ExifS
FirstOffset = Get32u(ExifSection+12);
if (FirstOffset < 8 || FirstOffset > 16){
- if (FirstOffset < 16 || FirstOffset > length-16){
+ if (FirstOffset < 16 || length < 16 || FirstOffset > length-16){
ErrNonfatal("invalid offset for first Exif IFD value",0,0);
return;
}