diff options
author | wangmy <wangmy@fujitsu.com> | 2021-05-18 16:03:31 +0800 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2021-05-22 15:34:46 -0700 |
commit | d3f0f8957f7ab59375f25d504fa233d71b1871c6 (patch) | |
tree | d21d5db5fe63e583b6accc0d1227578b662c9407 /meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | |
parent | 0e8fcf0e774e17ea72785d5d95356bc6ee9133ee (diff) | |
download | meta-openembedded-d3f0f8957f7ab59375f25d504fa233d71b1871c6.tar.gz |
exiv2: Fix CVE-2021-3482
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482
Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp
can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da]
CVE: CVE-2021-3482
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9e7c2c9713dc2824af2a33b0a3feb4f29e7f0269)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb')
-rw-r--r-- | meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb index fb8d126198..8c4c81799b 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb @@ -12,7 +12,8 @@ inherit dos2unix SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \ file://CVE-2021-29457.patch \ file://CVE-2021-29458.patch \ - file://CVE-2021-29463.patch" + file://CVE-2021-29463.patch \ + file://CVE-2021-3482.patch" S = "${WORKDIR}/${BPN}-${PV}-Source" |