File CVE-2018-16554.patch of Package jhead
From: Ludovic Rousseau <rousseau@debian.org>
Date: Sat Sep 8 16:19:07 CEST 2018
Subject: fix heap buffer overflow
Bug-Debian: https://bugs.debian.org/908176
Description: Fix CVE-2018-16554
--- a/gpsinfo.c
+++ b/gpsinfo.c
@@ -162,7 +162,8 @@
 break;
 case TAG_GPS_ALT:
- sprintf(ImageInfo.GpsAlt + 1, "%.2fm",
+ snprintf(ImageInfo.GpsAlt + 1, sizeof(ImageInfo.GpsAlt) -1,
+ "%.2fm",
 ConvertAnyFormat(ValuePtr, Format));
 break;
 }
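Review bot: The return value of the new snprintf() in the TAG_GPS_ALT case is discarded, so an oversized altitude from a malformed EXIF field is silently truncated into a shorter, plausible-looking number with the `m` suffix cut off, rather than being rejected. The bound itself is correct: the write starts at offset 1, `sizeof(ImageInfo.GpsAlt) - 1` bytes remain, and snprintf NUL-terminates within them. I would capture the result and drop the value on truncation, e.g. `int n = snprintf(ImageInfo.GpsAlt + 1, sizeof(ImageInfo.GpsAlt) - 1, "%.2fm", ConvertAnyFormat(ValuePtr, Format));` followed by `if (n < 0 || (size_t)n >= sizeof(ImageInfo.GpsAlt) - 1) ImageInfo.GpsAlt[1] = '\0';`. A short comment such as `/* byte 0 is reserved for the sign; file data can produce an arbitrarily long %.2f expansion */` would explain the `+ 1` / `- 1` pair. The enclosing switch starts outside the hunk, so any other unbounded sprintf calls in its remaining cases are not visible here and would need the same check.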