Package: libexif / 0.6.21-5.1+deb10u5

Metadata

Package: libexif
Version: 0.6.21-5.1+deb10u5
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
cve 2020 0093.patch | (download)

libexif/exif-data.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 fix read buffer overflow (CVE-2020-0093)
 Ensure the number of bytes being copied does not exceed the source buffer size.
cve 2020 12767.patch | (download)

libexif/exif-entry.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 prevent some possible division-by-zero errors in exif_entry_get_value()
add am_prog_ar.patch | (download)

configure.ac | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add the AM_PROG_AR macro to configure.ac to avoid automake
 warnings in ltlibrary.am while processing the Libtool library 'libexif.la'
ac_lang_source macro.patch | (download)

configure.ac | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 use quoted AC_LANG_SOURCE macros when checking for specific
 functionality in configure.ac. This avoids several automake warnings.
pkg_config_header_dir.patch | (download)

libexif.pc.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix $cflags in pkg-config helper.
extra_colorspace_check.patch | (download)

libexif/exif-entry.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix crash with GNOME applications by adding an extra check
 while reading value for color space.
cve 2016 6328.patch | (download)

libexif/pentax/mnote-pentax-entry.c | 16 13 + 3 - 0 !
1 file changed, 13 insertions(+), 3 deletions(-)

 fixes an integer overflow while parsing the mnote entry data of the input file (CVE-2016-6328)
cve 2017 7544.patch | (download)

libexif/exif-data.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 fixes an out-of-bounds heap read in the exif_data_save_data_entry function (CVE-2017-7544)
fix size_t warnings.patch | (download)

libexif/canon/exif-mnote-data-canon.c | 4 2 + 2 - 0 !
libexif/fuji/exif-mnote-data-fuji.c | 2 1 + 1 - 0 !
libexif/olympus/exif-mnote-data-olympus.c | 4 2 + 2 - 0 !
libexif/pentax/exif-mnote-data-pentax.c | 2 1 + 1 - 0 !
4 files changed, 6 insertions(+), 6 deletions(-)

 cast %u format specifiers to unsigned long to prevent compiler
 warnings on 32-bit and 64-bit platforms. 
Reduce maximum recursion depth in exif_data_load_dat.patch | (download)

libexif/exif-data.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 reduce maximum recursion depth in exif_data_load_data_content
Improve deep recursion detection in exif_data_load_d.patch | (download)

libexif/exif-data.c | 45 37 + 8 - 0 !
1 file changed, 37 insertions(+), 8 deletions(-)

 improve deep recursion detection in exif_data_load_data_content.
fix CVE 2019 9278.patch | (download)

libexif/exif-data.c | 28 18 + 10 - 0 !
1 file changed, 18 insertions(+), 10 deletions(-)

 fix CVE-2019-9278
cve 2020 13112.patch | (download)

libexif/canon/exif-mnote-data-canon.c | 22 18 + 4 - 0 !
libexif/fuji/exif-mnote-data-fuji.c | 25 19 + 6 - 0 !
libexif/olympus/exif-mnote-data-olympus.c | 25 18 + 7 - 0 !
libexif/pentax/exif-mnote-data-pentax.c | 21 17 + 4 - 0 !
4 files changed, 72 insertions(+), 21 deletions(-)

 fix MakerNote tag size overflow issues at read time (CVE-2020-13112)
 Check for a size overflow while reading tags, which ensures that the size is
 always consistent for the given components and type of the entry, making
 checking further down superfluous.
 .
 This provides an alternate fix for https://sourceforge.net/p/libexif/bugs/125/
 CVE-2016-6328 and for all the MakerNote types. Likely, this makes both commits
 41bd0423 and 89e5b1c1 redundant as it ensures that MakerNote entries are 
 well-formed when they're populated.
 .
 Some improvements on top by Marcus Meissner <marcus@jet.franken.de>.
cve 2020 13113.patch | (download)

libexif/canon/exif-mnote-data-canon.c | 1 1 + 0 - 0 !
libexif/fuji/exif-mnote-data-fuji.c | 1 1 + 0 - 0 !
libexif/olympus/exif-mnote-data-olympus.c | 2 2 + 0 - 0 !
libexif/pentax/exif-mnote-data-pentax.c | 1 1 + 0 - 0 !
4 files changed, 5 insertions(+)

 ensure the MakerNote data pointers are initialized with NULL (CVE-2020-13113)
 This ensures that an uninitialized pointer isn't dereferenced later in the 
 case where the number of components (and therefore size) is 0.
 .
 This fixes the second issue reported at https://sourceforge.net/p/libexif/bugs/125/
cve 2020 13114.patch | (download)

libexif/canon/exif-mnote-data-canon.c | 21 21 + 0 - 0 !
1 file changed, 21 insertions(+)

 add a failsafe on the maximum number of Canon MakerNote subtags (CVE-2020-13114)
 A malicious file could be crafted to cause extremely large values in some
 tags without tripping any buffer range checks.  This is bad with the libexif
 representation of Canon MakerNotes because some arrays are turned into
 individual tags that the application must loop around.
 .
 The largest value I've seen for failsafe_size in a (very small) sample of valid
 Canon files is <5000.  The limit is set two orders of magnitude larger to avoid
 tripping up falsely in case some models use much larger values.
 .
 Patch from Google.
cve 2020 0182.patch | (download)

libexif/exif-entry.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix a buffer read overflow in exif_entry_get_value() (CVE-2020-0182)
 While parsing EXIF_TAG_FOCAL_LENGTH it was possible to read 8 bytes past
 the end of a heap buffer. This was detected by the OSS Fuzz project.
cve 2020 0198.patch | (download)

libexif/exif-data.c | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 fix an unsigned integer overflow in libexif/exif-data.c (CVE-2020-0198)
 Use a more generic overflow check method and also check the second overflow instance.
cve 2020 0452.patch | (download)

libexif/exif-entry.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 prevent compiler optimization of a buffer overflow check
 A compiler optimization could remove a buffer overflow check, making a buffer overflow possible with some EXIF tags.