diff --git a/CVE-2018-9145.patch b/CVE-2018-9145.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fa01952bd799ca57eaa3055051b02b9a1956c662
--- /dev/null
+++ b/CVE-2018-9145.patch
@@ -0,0 +1,27 @@
+From c03f73268f65c73f9d3d7b670f13e48e92692750 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?=
+Date: Tue, 9 Oct 2018 23:51:10 -0400
+Subject: [PATCH] Prevent SIGABRT on excessive subBox length in jp2image.cpp
+
+This fixes CVE-2018-9145
+---
+ src/jp2image.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 3cebc2a..3e4c7b1 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -505,6 +505,10 @@ namespace Exiv2
+ subBox.length = getLong((byte*)&subBox.length, bigEndian);
+ subBox.type = getLong((byte*)&subBox.type, bigEndian);
+ 
++ // subBox.length makes no sense if it is larger than the rest of the file
++ if (subBox.length > io_->size() - io_->tell()) {
++ throw Error(kerCorruptedMetadata);
++ }
+ DataBuf data(subBox.length-sizeof(box));
+ io_->read(data.pData_,data.size_);
+ if ( bPrint ) {
+--
+2.23.0
\ No newline at end of file
diff --git a/exiv2.spec b/exiv2.spec
index 76f206ae65af09c783b1d68bff140a9852c9c2dc..e181fe8beed4a24e7cd4a26a9423d5b5818b0580 100644
--- a/exiv2.spec
+++ b/exiv2.spec
@@ -1,6 +1,6 @@
 Name: exiv2
 Version: 0.26
-Release: 20
+Release: 21
 Summary: Exif, IPTC and XMP metadata and the ICC Profile
 License: GPLv2+
 URL: http://www.exiv2.org/
@@ -57,6 +57,7 @@
 Patch6024: CVE-2018-11037.patch
 Patch6025: backport-Fix-ICC-profile-in-PNG-images.patch
 Patch6026: backport-CVE-2019-13109.patch
 Patch6027: exiv2-CVE-2019-13111.patch
+Patch6028: CVE-2018-9145.patch
 Provides: exiv2-libs
 Obsoletes: exiv2-libs
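Review bot: The new upper-bound check in the backported hunk leaves the lower bound unguarded: the very next line still computes `DataBuf data(subBox.length-sizeof(box))`, and if subBox.length (filled by getLong from file bytes) is an unsigned type, any value below sizeof(box) wraps to a huge allocation request that the new check does not reject. The guard should be `if (subBox.length < sizeof(box) || subBox.length > io_->size() - io_->tell()) {` so both a truncated and an oversized box length are treated as corrupted metadata; whether io_->tell() can exceed io_->size() here is not visible, so that subtraction is presumably safe but worth confirming. The enclosing function in jp2image.cpp starts and ends outside the hunk. The exiv2.spec hunks (Release bump, Patch6028 registration, changelog) need no change.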
@@ -120,6 +121,12 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
 %{_datadir}/doc/html/
 
 %changelog
+* Wed Sep 16 2020 zhanzhimin - 0.26-21
+- Type:cves
+- ID:CVE-2018-9145
+- SUG:NA
+- DESC:fix CVE-2018-9145
+
 * Thu May 21 2020 liuzongyu - 0.26-20
 - Type:cves
 - ID:CVE-2019-13111