commit | cdda21e7a137fd7d86c6ec5614cfc1b44e434075 | [log] [tgz] |
---|---|---|
author | Teow Wan Yee <wy.teow@hi-p.com> | Tue Aug 23 16:50:38 2016 +0800 |
committer | Teemu Hukkanen <teemu@fairphone.com> | Wed Sep 21 14:01:44 2016 +0200 |
tree | 7eafb02e5e33bd0f5ea237b655dc08ca0b954491 | |
parent | c1237958759ea86e0f4eb4705c36988448627992 [diff] |
FPII-2289 : Remote code execution vulnerability in Mediaserver CVE-2016-3862 A-29270469 Parsing of malformed exif data in a JPG file by JHEAD could lead to a stack smash and remote code execution. The fix is designed to prevent the stack smash by removing the use of JHEAD in the ExifInterface. Change-Id: Iad81661df6e5cb721984e86d7282ba9974835d5c