CVE-2020-13114: Add a failsafe on the maximum number of Canon MakerNote subtags. · libexif/libexif@e6a38a1
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
Add a failsafe on the maximum number of Canon MakerNote subtags.
A malicious file could be crafted to cause extremely large values in some tags without tripping any buffer range checks. This is bad with the libexif representation of Canon MakerNotes because some arrays are turned into individual tags that the application must loop around.
The largest value I’ve seen for failsafe_size in a (very small) sample of valid Canon files is <5000. The limit is set two orders of magnitude larger to avoid tripping up falsely in case some models use much larger values.
Patch from Google.
CVE-2020-13114
Showing with 21 additions and 0 deletions.
- +21 −0 libexif/canon/exif-mnote-data-canon.c
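The failsafe described in the commit message, as an added sketch in C that is not libexif's code: a running budget on how many individual tags the parsed entries expand to, checked independently of any buffer range check. The `mn_entry` struct, `load_entries`, the `SUBTAG_BUDGET` value (5000 × 100, read from the message's wording), the sample entries and the choice to stop at the first over-budget entry are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed budget: the message reports <5000 in valid files and a limit two
 * orders of magnitude larger; 500000 is this example's reading of that. */
#define SUBTAG_BUDGET 500000UL

/* Hypothetical, simplified entry: only the element count matters here. */
struct mn_entry {
    uint16_t tag;
    uint32_t components;   /* count field read from the untrusted file */
};

/* Constructed sample: the third entry claims ~4 billion elements. */
static const struct mn_entry sample[] = {
    {1, 40}, {2, 30}, {3, 0xFFFFFFF0u}, {4, 4},
};

/* Tags an application must loop over for one entry, assuming each array
 * element is presented as its own tag. */
static unsigned long subtags_for(const struct mn_entry *e)
{
    return e->components ? e->components : 1;
}

/* Keep entries in order until the running subtag total would exceed the
 * budget, then stop loading. Returns entries kept; *total gets the sum. */
size_t load_entries(const struct mn_entry *in, size_t n, unsigned long *total)
{
    unsigned long sum = 0;
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned long add = subtags_for(&in[i]);
        if (add > SUBTAG_BUDGET - sum)  /* no overflow: sum <= budget */
            break;                      /* failsafe tripped */
        sum += add;
        kept++;
    }
    *total = sum;
    return kept;
}

int main(void)
{
    unsigned long total;
    size_t kept = load_entries(sample, 4, &total);
    printf("kept %zu entries, %lu subtags\n", kept, total);
    return 0;
}
```

The comparison is written as `add > SUBTAG_BUDGET - sum` so that a count near the top of the 32-bit range cannot wrap the running total past the check.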