aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/libexif-CVE-2017-7544.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/libexif-CVE-2017-7544.patch')
-rw-r--r--gnu/packages/patches/libexif-CVE-2017-7544.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/gnu/packages/patches/libexif-CVE-2017-7544.patch b/gnu/packages/patches/libexif-CVE-2017-7544.patch
new file mode 100644
index 0000000000..c4ea373dc5
--- /dev/null
+++ b/gnu/packages/patches/libexif-CVE-2017-7544.patch
@@ -0,0 +1,29 @@
+Fix CVE-2017-7544:
+
+https://sourceforge.net/p/libexif/bugs/130/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
+
+Patch copied from upstream bug tracker:
+
+https://sourceforge.net/p/libexif/bugs/130/#489a
+
+Index: libexif/exif-data.c
+===================================================================
+RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
+retrieving revision 1.131
+diff -u -r1.131 exif-data.c
+--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131
++++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000
+@@ -255,6 +255,12 @@
+ exif_mnote_data_set_offset (data->priv->md, *ds - 6);
+ exif_mnote_data_save (data->priv->md, &e->data, &e->size);
+ e->components = e->size;
++ if (exif_format_get_size (e->format) != 1) {
++ /* e->format is taken from input code,
++ * but we need to make sure it is a 1 byte
++ * entity due to the multiplication below. */
++ e->format = EXIF_FORMAT_UNDEFINED;
++ }
+ }
+ }
+