From ac5e0e2ba08a7644096013aa30d9d7ca56d84006 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari
Date: Wed, 11 Mar 2026 12:11:53 +0100
Subject: [PATCH] exiv2: patch CVE-2026-25884

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884

Backport the commits referenced by the NVD advisory.

Note that the regression tests are not included in this test. The patch contains binary data, which cannot be applied with any of the PATCHTOOLs in do_patch task.

Signed-off-by: Gyorgy Sarvari
---
 .../exiv2/exiv2/CVE-2026-25884.patch | 25 +++++++++++++++++++
 meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 1 +
 2 files changed, 26 insertions(+)
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884.patch

diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884.patch
new file mode 100644
index 0000000000..624c53f49b
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884.patch
@@ -0,0 +1,25 @@
+From cfbe7e48cbfa63b88b3dcf9d99272330f8349c4f Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse
+Date: Sat, 31 Jan 2026 15:31:55 +0000
+Subject: [PATCH] Fix out-of-bounds read.
+
+CVE: CVE-2026-25884
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/5b8f1f4d92b8f27a5a80e0c3d3eb9dce7620d9f1]
+Signed-off-by: Gyorgy Sarvari
+---
+ src/crwimage_int.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 570de75..8791dbd 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -812,7 +812,7 @@ namespace Exiv2 {
+ Image& image,
+ ByteOrder /*byteOrder*/)
+ {
+- std::string s(reinterpret_cast(ciffComponent.pData()));
++ auto s = std::string(reinterpret_cast(ciffComponent.pData()), ciffComponent.size());
+ image.setComment(s);
+ } // CrwMap::decode0x0805
+
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 4700173de4..602ef3910f 100644
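Review bot: The `Upstream-Status: Backport [...]` line inside the new patch names commit 5b8f1f4d92b8f27a5a80e0c3d3eb9dce7620d9f1, while the patch's own `From` line records cfbe7e48cbfa63b88b3dcf9d99272330f8349c4f, so the provenance a reviewer would use to verify the backport does not match; one of the two should be corrected, or the line should say which upstream commit the hash refers to (the cover message also says "commits" although only one is carried). The `reinterpret_cast(ciffComponent.pData())` on both the `-` and `+` lines carries no template argument as rendered here; that is probably an extraction artifact, but if the committed file really reads this way the `-` line is unlikely to match the 0.27.3 source and do_patch will fail, so the file should be checked before merge. The fix itself turns the comment from NUL-terminated into length-delimited, so a CRW comment containing embedded NUL bytes now reaches `image.setComment` in full; with the upstream regression test omitted, a local build that decodes a sample CRW file would confirm the patch applies and the comment is still decoded as expected. The enclosing `CrwMap::decode0x0805` begins above the quoted inner hunk.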
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -32,6 +32,7 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
 file://CVE-2021-37621-2.patch \
 file://CVE-2021-37622-1.patch \
 file://CVE-2021-37622-2.patch \
+ file://CVE-2026-25884.patch \
 "
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"