Skip to content
Commit d383b46a authored by Fabrice Fontaine's avatar Fabrice Fontaine Committed by Yann E. MORIN
Browse files

package/exiv2: fix CVE-2019-17402 



Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in
types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory
in crwimage_int.cpp, because there is no validation of the relationship
of the total size to the offset and size.

Signed-off-by: default avatarFabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: default avatarYann E. MORIN <yann.morin.1998@free.fr>
parent ffb50125
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment