Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / frameworks / base / cdda21e7a137fd7d86c6ec5614cfc1b44e434075
commitcdda21e7a137fd7d86c6ec5614cfc1b44e434075[log] [tgz]
authorTeow Wan Yee <wy.teow@hi-p.com>Tue Aug 23 16:50:38 2016 +0800
committerTeemu Hukkanen <teemu@fairphone.com>Wed Sep 21 14:01:44 2016 +0200
tree7eafb02e5e33bd0f5ea237b655dc08ca0b954491
parentc1237958759ea86e0f4eb4705c36988448627992 [diff]
FPII-2289 : Remote code execution vulnerability in Mediaserver CVE-2016-3862 A-29270469

Parsing of malformed exif data in a JPG file by JHEAD could lead to a
stack smash and remote code execution.

The fix is designed to prevent the stack smash by removing the use of
JHEAD in the ExifInterface.

Change-Id: Iad81661df6e5cb721984e86d7282ba9974835d5c
2 files changed
tree: 7eafb02e5e33bd0f5ea237b655dc08ca0b954491
  1. api/
  2. btobex/
  3. cmds/
  4. core/
  5. data/
  6. docs/
  7. drm/
  8. graphics/
  9. include/
  10. keystore/
  11. libs/
  12. location/
  13. media/
  14. native/
  15. nfc-extras/
  16. obex/
  17. opengl/
  18. packages/
  19. policy/
  20. rs/
  21. samples/
  22. sax/
  23. security-bridge/
  24. services/
  25. telecomm/
  26. telephony/
  27. test-runner/
  28. tests/
  29. tools/
  30. wifi/
  31. Android.mk
  32. CleanSpec.mk
  33. MODULE_LICENSE_APACHE2
  34. NOTICE
  35. preloaded-classes