godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2025-12-31 09:48:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
2019.11.x
buildroot/package/libexif
History
Peter Korsgaard d60dccfdc2 package/libexif: add post-0.6.21 upstream security fixes 
Fixes the following security issues:

- CVE-2016-6328: A vulnerability was found in libexif.  An integer overflow
  when parsing the MNOTE entry data of the input file.  This can cause
  Denial-of-Service (DoS) and Information Disclosure (disclosing some
  critical heap chunk metadata, even other applications' private data).

- CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap
  read vulnerability in exif_data_save_data_entry function in
  libexif/exif-data.c caused by improper length computation of the allocated
  data of an ExifMnote entry which can cause denial-of-service or possibly
  information disclosure.

- CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and
  EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to
  exhaust available CPU resources.

- CVE-2019-9278: In libexif, there is a possible out of bounds write due to
  an integer overflow.  This could lead to remote escalation of privilege in
  the media content provider with no additional execution privileges needed.
  User interaction is needed for exploitation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 81a4940d25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-03-10 23:44:43 +01:00
..
0001-fixes-some-not-all-buffer-overreads-during-decoding-.patch
0002-On-saving-makernotes-make-sure-the-makernote-contain.patch
0003-Reduce-maximum-recursion-depth-in-exif_data_load_dat.patch
0004-Improve-deep-recursion-detection-in-exif_data_load_d.patch
0005-fix-CVE-2019-9278.patch
Config.in
libexif.hash
libexif.mk