File CVE-2018-20099.patch of Package exiv2.30966

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-20099.patch of Package exiv2.30966

From 2736126e7b92c5654f56620c097f9a4580c0f73b Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Tue, 27 Apr 2021 11:06:56 +0100
Subject: [PATCH] Fix infinite loop caused by subBox with zero size.

---
 src/jp2image.cpp | 1 +
 1 file changed, 1 insertion(+)

Index: exiv2-0.26/src/jp2image.cpp
===================================================================
--- exiv2-0.26.orig/src/jp2image.cpp
+++ exiv2-0.26/src/jp2image.cpp
@@ -665,6 +665,8 @@ static void boxes_check(size_t b,size_t
             if ( count < length ) {
                 subBox.length = getLong((byte*)&subBox.length, bigEndian);
                 subBox.type   = getLong((byte*)&subBox.type  , bigEndian);
+                enforce(subBox.length > 0, Exiv2::kerCorruptedMetadata);
+                enforce(subBox.length <= length - count, Exiv2::kerCorruptedMetadata);
 #ifdef DEBUG
                 std::cout << "Jp2Image::encodeJp2Header subbox: "<< toAscii(subBox.type) << " length = " << subBox.length << std::endl;
 #endif

Places

File CVE-2018-20099.patch of Package exiv2.30966

Places