Package: exiv2 | Debian Sources

Package: exiv2 / 0.25-4+deb10u2

Metadata

Package	Version	Patches format
exiv2	0.25-4+deb10u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
libtool_update.diff \| (download)	config/aclocal.m4 \| 12 9 + 3 - 0 ! configure \| 12 9 + 3 - 0 ! 2 files changed, 18 insertions(+), 6 deletions(-)	---
upstream fix casio crash \| (download)	src/makernote.cpp \| 4 3 + 1 - 0 ! 1 file changed, 3 insertions(+), 1 deletion(-)	---
CVE 2017 9239.patch \| (download)	src/tiffcomposite.cpp \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	[patch] #1296 fix submitted.
CVE 2018 10958_10999_1_of_2.patch \| (download)	src/error.cpp \| 3 2 + 1 - 0 ! src/pngchunk.cpp \| 4 4 + 0 - 0 ! 2 files changed, 6 insertions(+), 1 deletion(-)	[patch] analyze minimum needed number of null separators in PngChunk::parseTXTChunk This commit fixes the heap-buffer-overflow in PngChunk::parseTXTChunk. According to the specification: http://www.libpng.org/pub/png/spec/1.2/PNG-Chunks.html There must be 2 null separators when we start to analyze the language tag. (cherry picked from commit 2fb00c8a16ce93756cddd70536e361a49369ba88) [rcs: Backported to stretch]
CVE 2018 10958_10999_2_of_2.patch \| (download)	src/pngchunk.cpp \| 20 15 + 5 - 0 ! 1 file changed, 15 insertions(+), 5 deletions(-)	[patch] check validity of compressionflag & compressionmethod (cherry picked from commit 3ad0050469e6ea63b4081f2a88c264ce8ab55c51) [rcs: Backported to stretch]
CVE 2018 10998.patch \| (download)	src/exiv2.cpp \| 48 27 + 21 - 0 ! 1 file changed, 27 insertions(+), 21 deletions(-)	[patch] catch all exceptions not caught in exiv2 cli-tool It effectively looks the same as before, only now we don't call abort() but instead clean up everything gracefully. (cherry picked from commit f4e8ed2fd48d012467b99552f0d6378302a23c75) [rcs: Backported to stretch]
CVE 2018 11531_1_of_3.patch \| (download)	src/preview.cpp \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] prevent call to memcpy with size==0 (cherry picked from commit ed874703ad553338f973d537b8159d0eb4375cc4) [rcs: Backported to stretch]
CVE 2018 11531_2_of_3.patch \| (download)	src/preview.cpp \| 6 3 + 3 - 0 ! 1 file changed, 3 insertions(+), 3 deletions(-)	[patch] use index to access buf.pdata_ (cherry picked from commit 863aaebc92ff0b0ee3d302b7b5291002c043bc7b) [rcs: Backported to stretch]
CVE 2018 11531_3_of_3.patch \| (download)	src/preview.cpp \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	[patch] throw when trying to write out of the buffer (cherry picked from commit 67a5a741153c876a6f1c189abb874721d1725c48) [rcs: Backported to stretch]
CVE 2018 12265_prereq.patch \| (download)	src/safe_op.hpp \| 307 307 + 0 - 0 ! 1 file changed, 307 insertions(+)	---
CVE 2018 12265.patch \| (download)	src/preview.cpp \| 4 3 + 1 - 0 ! 1 file changed, 3 insertions(+), 1 deletion(-)	[patch] add offset_ and size_ safely in LoaderExifJpeg::LoaderExifJpeg offset_ can become arbitrarily large and overflows once its added to size_, this causes all kinds of problems further in the code when offset_ is used again. => Use Safe::add() to catch potential overflows This fixes #365. (cherry picked from commit 937a1a2bd067b8b3b787f3757089d972f3a39853) [rcs: Backported to stretch]
CVE 2018 12264.patch \| (download)	src/preview.cpp \| 6 3 + 3 - 0 ! 1 file changed, 3 insertions(+), 3 deletions(-)	[patch] fix addition overflows in range checks in loadertiff::getdata Several checks for extracted values performed no overflow checks on the addition. They can be tricked into passing, albeit the individual summands are too large. => use Safe::add() which now aborts when an overflow occurs This fixes #366 (cherry picked from commit fe70939f54476e99046245ca69ff27012401f759) [rcs: Backported to stretch]
CVE 2018 16336_prereq.patch \| (download)	src/Makefile \| 3 2 + 1 - 0 ! src/helper_functions.cpp \| 38 38 + 0 - 0 ! src/helper_functions.hpp \| 49 49 + 0 - 0 ! 3 files changed, 89 insertions(+), 1 deletion(-)	---
CVE 2018 16336.patch \| (download)	src/pngchunk.cpp \| 63 36 + 27 - 0 ! 1 file changed, 36 insertions(+), 27 deletions(-)	[patch] add overflow & overread checks to pngchunk::parsetxtchunk() This function was creating a lot of new pointers and strings without properly checking the array bounds. This commit adds several calls to enforce(), making sure that the pointers stay within bounds. Strings are now created using the helper function string_from_unterminated() to prevent overreads in the constructor of std::string. This fixes #400
CVE 2021 31291.patch \| (download)	src/jp2image.cpp \| 33 27 + 6 - 0 ! 1 file changed, 27 insertions(+), 6 deletions(-)	---
CVE 2021 31292.patch \| (download)	src/crwimage.cpp \| 6 5 + 1 - 0 ! 1 file changed, 5 insertions(+), 1 deletion(-)	[patch] fix integer overflow.
CVE 2021 3129x reqs.patch \| (download)	include/exiv2/error.hpp \| 68 68 + 0 - 0 ! src/enforce.hpp \| 95 95 + 0 - 0 ! 2 files changed, 163 insertions(+)	---

1