Pick the patch from [1], which is also referenced in the NVD report [2].

[1] https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-32775
[3] https://security-tracker.debian.org/tracker/CVE-2026-32775
Signed-off-by: Hitendra Prajapati <[email protected]>
---
 .../libexif/libexif/CVE-2026-32775.patch | 86 +++++++++++++++++++
 .../recipes-support/libexif/libexif_0.6.24.bb | 1 +
 2 files changed, 87 insertions(+)
 create mode 100644 meta/recipes-support/libexif/libexif/CVE-2026-32775.patch
diff --git a/meta/recipes-support/libexif/libexif/CVE-2026-32775.patch b/meta/recipes-support/libexif/libexif/CVE-2026-32775.patch
new file mode 100644
index 0000000000..2493588443
--- /dev/null
+++ b/meta/recipes-support/libexif/libexif/CVE-2026-32775.patch
@@ -0,0 +1,86 @@
+From 7df372e9d31d7c993a22b913c813a5f7ec4f3692 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <[email protected]>
+Date: Mon, 9 Mar 2026 10:02:53 +0100
+Subject: [PATCH] check maxlen to be at least 1
+
+maxlen-- on 0 will become a high value.
+
+Fixes https://github.com/libexif/libexif/issues/247
+
+CVE: CVE-2026-32775
+Upstream-Status: Backport from [https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692]
+Signed-off-by: Hitendra Prajapati <[email protected]>
+---
+ libexif/apple/mnote-apple-entry.c | 2 ++
+ libexif/canon/mnote-canon-entry.c | 2 ++
+ libexif/fuji/mnote-fuji-entry.c | 1 +
+ libexif/olympus/mnote-olympus-entry.c | 2 ++
+ libexif/pentax/mnote-pentax-entry.c | 1 +
+ 5 files changed, 8 insertions(+)
+
+diff --git a/libexif/apple/mnote-apple-entry.c b/libexif/apple/mnote-apple-entry.c
+index 6740d8e..337e51b 100644
+--- a/libexif/apple/mnote-apple-entry.c
++++ b/libexif/apple/mnote-apple-entry.c
+@@ -43,6 +43,8 @@ mnote_apple_entry_get_value(MnoteAppleEntry *entry, char *v, unsigned int maxlen
+
+ if (!entry)
+ return NULL;
++ if (maxlen < 1)
++ return NULL;
+
+ memset(v, 0, maxlen);
+ maxlen--;
+diff --git a/libexif/canon/mnote-canon-entry.c b/libexif/canon/mnote-canon-entry.c
+index 52a7077..372fcdf 100644
+--- a/libexif/canon/mnote-canon-entry.c
++++ b/libexif/canon/mnote-canon-entry.c
+@@ -559,6 +559,8 @@ mnote_canon_entry_get_value (const MnoteCanonEntry *entry, unsigned int t, char
+
+ if (!entry)
+ return NULL;
++ if (maxlen < 1)
++ return NULL;
+
+ data = entry->data;
+ size = entry->size;
+diff --git a/libexif/fuji/mnote-fuji-entry.c b/libexif/fuji/mnote-fuji-entry.c
+index add7086..dd33900 100644
+--- a/libexif/fuji/mnote-fuji-entry.c
++++ b/libexif/fuji/mnote-fuji-entry.c
+@@ -199,6 +199,7 @@ mnote_fuji_entry_get_value (MnoteFujiEntry *entry,
+ int i, j;
+
+ if (!entry) return (NULL);
++ if (maxlen < 1) return NULL;
+
+ memset (val, 0, maxlen);
+ maxlen--;
+diff --git a/libexif/olympus/mnote-olympus-entry.c b/libexif/olympus/mnote-olympus-entry.c
+index 679fb50..d5eb60e 100644
+--- a/libexif/olympus/mnote-olympus-entry.c
++++ b/libexif/olympus/mnote-olympus-entry.c
+@@ -284,6 +284,8 @@ mnote_olympus_entry_get_value (MnoteOlympusEntry *entry, char *v, unsigned int m
+
+ if (!entry)
+ return (NULL);
++ if (maxlen < 1)
++ return NULL;
+
+ memset (v, 0, maxlen);
+ maxlen--;
+diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
+index 32b537b..d3c96f8 100644
+--- a/libexif/pentax/mnote-pentax-entry.c
++++ b/libexif/pentax/mnote-pentax-entry.c
+@@ -315,6 +315,7 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ int i = 0, j = 0;
+
+ if (!entry) return (NULL);
++ if (maxlen < 1) return (NULL);
+
+ memset (val, 0, maxlen);
+ maxlen--;
+--
+2.50.1
+
diff --git a/meta/recipes-support/libexif/libexif_0.6.24.bb b/meta/recipes-support/libexif/libexif_0.6.24.bb
index b407ee52de..b3ee15a37f 100644
--- a/meta/recipes-support/libexif/libexif_0.6.24.bb
+++ b/meta/recipes-support/libexif/libexif_0.6.24.bb
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad"
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libexif-${PV}.tar.bz2 \
 file://0001-Add-serial-tests-config-needed-by-ptest.patch \
 file://run-ptest \
+ file://CVE-2026-32775.patch \
 "
 SRC_URI[sha256sum] = "d47564c433b733d83b6704c70477e0a4067811d184ec565258ac563d8223f6ae"
--
2.50.1
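Review bot: The new `maxlen < 1` guard in the apple, fuji, olympus and pentax sub-hunks of CVE-2026-32775.patch is followed directly by `memset(v, 0, maxlen)` (or `val`), and nothing visible checks the output buffer itself, so a NULL buffer with a nonzero length would still be dereferenced. If callers are not guaranteed to pass a valid buffer, the guard could cover both, e.g. `if (!v || maxlen < 1) return NULL;`; since this is a verbatim backport, that change would belong upstream rather than in this recipe patch. A short comment next to the check would also record why it exists, e.g. `/* maxlen is unsigned: maxlen-- below wraps to a huge bound when it is 0 */`. Each function body continues outside its hunk, and the Canon hunk does not show the decrement at all, so whether every later write is bounded by the decremented value cannot be confirmed from the lines shown.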
