diff options
| author | wangmy <wangmy@fujitsu.com> | 2021-05-18 16:08:00 +0800 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2021-05-19 09:17:49 -0700 |
| commit | a9aecd2c32fc8f238f62ef70813e032b6b52c2f2 (patch) | |
| tree | 8fca17301d02088a70032311bc41e662417f811f | |
| parent | bb1400efda77a7289ca20782172bfbe1f457f161 (diff) | |
| download | meta-openembedded-a9aecd2c32fc8f238f62ef70813e032b6b52c2f2.tar.gz | |
exiv2: Fix CVE-2021-29473
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1587/commits/e6a0982f7cd9282052b6e3485a458d60629ffa0b]
CVE: CVE-2021-29473
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| -rw-r--r-- | meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch | 21 | ||||
| -rw-r--r-- | meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 1 |
2 files changed, 22 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch new file mode 100644 index 0000000000..4afedf8e59 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch | |||
| @@ -0,0 +1,21 @@ | |||
| 1 | From e6a0982f7cd9282052b6e3485a458d60629ffa0b Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Kevin Backhouse <kevinbackhouse@github.com> | ||
| 3 | Date: Fri, 23 Apr 2021 11:44:44 +0100 | ||
| 4 | Subject: [PATCH] Add bounds check in Jp2Image::doWriteMetadata(). | ||
| 5 | |||
| 6 | --- | ||
| 7 | src/jp2image.cpp | 1 + | ||
| 8 | 1 file changed, 1 insertion(+) | ||
| 9 | |||
| 10 | diff --git a/src/jp2image.cpp b/src/jp2image.cpp | ||
| 11 | index 1694fed27..ca8c9ddbb 100644 | ||
| 12 | --- a/src/jp2image.cpp | ||
| 13 | +++ b/src/jp2image.cpp | ||
| 14 | @@ -908,6 +908,7 @@ static void boxes_check(size_t b,size_t m) | ||
| 15 | |||
| 16 | case kJp2BoxTypeUuid: | ||
| 17 | { | ||
| 18 | + enforce(boxBuf.size_ >= 24, Exiv2::kerCorruptedMetadata); | ||
| 19 | if(memcmp(boxBuf.pData_ + 8, kJp2UuidExif, 16) == 0) | ||
| 20 | { | ||
| 21 | #ifdef EXIV2_DEBUG_MESSAGES | ||
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb index 2419bab352..d5d9e62ff2 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | |||
| @@ -15,6 +15,7 @@ SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.pat | |||
| 15 | file://CVE-2021-29463.patch \ | 15 | file://CVE-2021-29463.patch \ |
| 16 | file://CVE-2021-29464.patch \ | 16 | file://CVE-2021-29464.patch \ |
| 17 | file://CVE-2021-29470.patch \ | 17 | file://CVE-2021-29470.patch \ |
| 18 | file://CVE-2021-29473.patch \ | ||
| 18 | file://CVE-2021-3482.patch" | 19 | file://CVE-2021-3482.patch" |
| 19 | 20 | ||
| 20 | S = "${WORKDIR}/${BPN}-${PV}-Source" | 21 | S = "${WORKDIR}/${BPN}-${PV}-Source" |