diff options
Diffstat (limited to 'media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch')
| -rw-r--r-- | media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch b/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch new file mode 100644 index 000000000000..1c9e7921c6bb --- /dev/null +++ b/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch @@ -0,0 +1,30 @@ +Description: Fix 'eval injection". + CVE-2021-22204: Improper neutralization of user data in the DjVu file + format in ExifTool versions 7.44 and up allows arbitrary code execution + when parsing the malicious image +Origin: upstream release 12.24 +Bug-Debian: https://bugs.debian.org/987505 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1925985 +Author: Phil Harvey <philharvey66@gmail.com> +Reviewed-by: gregor herrmann <gregoa@debian.org> +Last-Update: 2021-04-24 +Applied-Upstream: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 + +--- a/lib/Image/ExifTool/DjVu.pm ++++ b/lib/Image/ExifTool/DjVu.pm +@@ -227,10 +227,11 @@ + last unless $tok =~ /(\\+)$/ and length($1) & 0x01; + $tok .= '"'; # quote is part of the string + } +- # must protect unescaped "$" and "@" symbols, and "\" at end of string +- $tok =~ s{\\(.)|([\$\@]|\\$)}{'\\'.($2 || $1)}sge; +- # convert C escape sequences (allowed in quoted text) +- $tok = eval qq{"$tok"}; ++ # convert C escape sequences, allowed in quoted text ++ # (note: this only converts a few of them!) ++ my %esc = ( a => "\a", b => "\b", f => "\f", n => "\n", ++ r => "\r", t => "\t", '"' => '"', '\\' => '\\' ); ++ $tok =~ s/\\(.)/$esc{$1}||'\\'.$1/egs; + } else { # key name + pos($$dataPt) = pos($$dataPt) - 1; + # allow anything in key but whitespace, braces and double quotes |