Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
libavif
libavif-CVE-2023-6704.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libavif-CVE-2023-6704.patch of Package libavif
From 7845153645cfe245de5add94fb07c227c2d16402 Mon Sep 17 00:00:00 2001 From: Vignesh Venkatasubramanian <vigneshv@google.com> Date: Mon, 27 Nov 2023 11:31:38 -0800 Subject: [PATCH] Do not store colorproperties until alpha item is found colorProperties could be pointing to a dangling pointer if findAlphaItem() resizes the meta.items array. --- diff --git a/src/read.c b/src/read.c index 68784fe..d9e4c25 100644 --- a/src/read.c +++ b/src/read.c @@ -3332,7 +3332,6 @@ avifResult avifDecoderReset(avifDecoder * decoder) avifDiagnosticsPrintf(&decoder->diag, "Primary item not found"); return AVIF_RESULT_NO_AV1_ITEMS_FOUND; } - colorProperties = &colorItem->properties; // Find the alphaOBU item, if any for (uint32_t itemIndex = 0; itemIndex < data->meta->items.count; ++itemIndex) { @@ -3369,6 +3368,8 @@ avifResult avifDecoderReset(avifDecoder * decoder) } } + colorProperties = &colorItem->properties; + // Find Exif and/or XMP metadata, if any avifResult findResult = avifDecoderFindMetadata(decoder, data->meta, decoder->image, colorItem->id); if (findResult != AVIF_RESULT_OK) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor