Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.3:Update
jhead.17742
CVE-2021-3496.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-3496.patch of Package jhead.17742
Index: jhead-3.00/makernote.c =================================================================== --- jhead-3.00.orig/makernote.c 2021-04-19 11:06:10.769293809 +0200 +++ jhead-3.00/makernote.c 2021-04-19 11:09:01.526237027 +0200 @@ -65,7 +65,7 @@ static void ProcessCanonMakerNoteDir(uns unsigned OffsetVal; OffsetVal = Get32u(DirEntry+8); // If its bigger than 4 bytes, the dir entry contains an offset. - if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){ + if (OffsetVal+ByteCount > (unsigned)ExifLength || OffsetVal > 65536){ // Bogus pointer offset and / or bytecount value ErrNonfatal("Illegal value pointer for Exif maker tag %04x", Tag,0); continue; @@ -120,6 +120,7 @@ static void ProcessCanonMakerNoteDir(uns } } if (Tag == 1 && Components > 16){ + if (ByteCount < 17 * sizeof(short)) continue; // Fuzztest -- not enough allocated. int IsoCode = Get16u(ValuePtr + 16*sizeof(unsigned short)); if (IsoCode >= 16 && IsoCode <= 24){ ImageInfo.ISOequivalent = 50 << (IsoCode-16); @@ -127,6 +128,7 @@ static void ProcessCanonMakerNoteDir(uns } if (Tag == 4 && Format == FMT_USHORT){ + if (ByteCount < 20 * sizeof(short)) continue; // Fuzztest -- not enough allocated. if (Components > 7){ int WhiteBalance = Get16u(ValuePtr + 7*sizeof(unsigned short)); switch(WhiteBalance){
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor