[AutoPR- Security] Patch libexif for CVE-2026-32775 [MEDIUM] (#16236)

Author: azurelinux-security

SPECS/libexif/CVE-2026-32775.patch

@@ -0,0 +1,87 @@
+From 7e6c660a540fe0231bdd43017686211a9eacac8b Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Mon, 9 Mar 2026 10:02:53 +0100
+Subject: [PATCH] check maxlen to be at least 1
+
+maxlen-- on 0 will become a high value.
+
+(likely found by AI)
+
+Fixes https://github.com/libexif/libexif/issues/247
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692.patch
+---
+ libexif/apple/mnote-apple-entry.c     | 2 ++
+ libexif/canon/mnote-canon-entry.c     | 2 ++
+ libexif/fuji/mnote-fuji-entry.c       | 1 +
+ libexif/olympus/mnote-olympus-entry.c | 2 ++
+ libexif/pentax/mnote-pentax-entry.c   | 1 +
+ 5 files changed, 8 insertions(+)
+
+diff --git a/libexif/apple/mnote-apple-entry.c b/libexif/apple/mnote-apple-entry.c
+index 6740d8e..337e51b 100644
+--- a/libexif/apple/mnote-apple-entry.c
++++ b/libexif/apple/mnote-apple-entry.c
+@@ -43,6 +43,8 @@ mnote_apple_entry_get_value(MnoteAppleEntry *entry, char *v, unsigned int maxlen
+ 
+     if (!entry)
+         return NULL;
++    if (maxlen < 1)
++        return NULL;
+ 
+     memset(v, 0, maxlen);
+     maxlen--;
+diff --git a/libexif/canon/mnote-canon-entry.c b/libexif/canon/mnote-canon-entry.c
+index 52a7077..372fcdf 100644
+--- a/libexif/canon/mnote-canon-entry.c
++++ b/libexif/canon/mnote-canon-entry.c
+@@ -559,6 +559,8 @@ mnote_canon_entry_get_value (const MnoteCanonEntry *entry, unsigned int t, char
+ 
+ 	if (!entry) 
+ 		return NULL;
++	if (maxlen < 1)
++		return NULL;
+ 
+ 	data = entry->data;
+ 	size = entry->size;
+diff --git a/libexif/fuji/mnote-fuji-entry.c b/libexif/fuji/mnote-fuji-entry.c
+index add7086..dd33900 100644
+--- a/libexif/fuji/mnote-fuji-entry.c
++++ b/libexif/fuji/mnote-fuji-entry.c
+@@ -199,6 +199,7 @@ mnote_fuji_entry_get_value (MnoteFujiEntry *entry,
+ 	int i, j;
+ 
+ 	if (!entry) return (NULL);
++	if (maxlen < 1) return NULL;
+ 
+ 	memset (val, 0, maxlen);
+ 	maxlen--;
+diff --git a/libexif/olympus/mnote-olympus-entry.c b/libexif/olympus/mnote-olympus-entry.c
+index 679fb50..d5eb60e 100644
+--- a/libexif/olympus/mnote-olympus-entry.c
++++ b/libexif/olympus/mnote-olympus-entry.c
+@@ -284,6 +284,8 @@ mnote_olympus_entry_get_value (MnoteOlympusEntry *entry, char *v, unsigned int m
+ 
+ 	if (!entry)
+ 		return (NULL);
++	if (maxlen < 1)
++		return NULL;
+ 
+ 	memset (v, 0, maxlen);
+ 	maxlen--;
+diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
+index 32b537b..d3c96f8 100644
+--- a/libexif/pentax/mnote-pentax-entry.c
++++ b/libexif/pentax/mnote-pentax-entry.c
+@@ -315,6 +315,7 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ 	int i = 0, j = 0;
+ 
+ 	if (!entry) return (NULL);
++	if (maxlen < 1) return (NULL);
+ 
+ 	memset (val, 0, maxlen);
+ 	maxlen--;
+-- 
+2.45.4
+

SPECS/libexif/libexif.spec

@@ -1,12 +1,13 @@
 Summary:        Library for extracting extra information from image files
 Name:           libexif
 Version:        0.6.24
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 URL:            https://libexif.github.io/
 Source0:        https://github.com/libexif/libexif/releases/download/v%{version}/%{name}-%{version}.tar.bz2
+Patch0:         CVE-2026-32775.patch
 BuildRequires:  doxygen
 BuildRequires:  gcc
 BuildRequires:  gettext-devel
@@ -70,6 +71,9 @@ iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README
 %doc libexif-api.html
 
 %changelog
+* Thu Mar 19 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 0.6.24-2
+- Patch for CVE-2026-32775
+
 * Mon Jul 11 2022 Olivia Crain <oliviacrain@microsoft.com> - 0.6.24-1
 - Upgrade to latest upstream version
 - Promote to mariner-official-base repo