exiv2: patch CVE-2021-37622

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37622 Pick the patch from the PR referenced by the NVD advisory. Note that the regression test is not part of this patch, as no patchtool could apply it in do_patch task. The test patch was however manually applied during preparing this patch, and all tests were executed successfully. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2026-03-01 15:09:08 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2026-03-01 15:14:12 +0100
commit: 6d3829a569ebfc5b4bc5db8d62df7f0db3f2d06a (patch)
tree: bbe69092ea95a6c8d03dade88cff10eb3bc10cbc
parent: 08fe7e8f61bf9669b85902dd1ba67ed674a1d7b8 (diff)
download: meta-openembedded-6d3829a569ebfc5b4bc5db8d62df7f0db3f2d06a.tar.gz
3 files changed, 52 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-1.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-1.patch
new file mode 100644
index 0000000000..13b2a4c81b
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-1.patch
@@ -0,0 +1,25 @@
+From f6da4a573f9f4c0821ac726fcbfc7fc09212327b Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Sat, 17 Jul 2021 12:38:31 +0100
+Subject: [PATCH] Make sure that read is complete to prevent infinite loop.
+CVE: CVE-2021-37622
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/ffe5eb517dad93845e62144d8e53f52b17420ecd]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/jpgimage.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/jpgimage.cpp b/src/jpgimage.cpp
+index b9e724c..bb34044 100644
+--- a/src/jpgimage.cpp
+++ b/src/jpgimage.cpp
+@@ -644,7 +644,7 @@ namespace Exiv2 {
+                 // Read size and signature
+                 std::memset(buf.pData_, 0x0, buf.size_);
+                 bufRead = io_->read(buf.pData_, bufMinSize);
+-                if (io_->error())
+                if (io_->error() || bufRead != bufMinSize)
+                     throw Error(kerFailedToReadImageData);
+                 if (bufRead < 2)
+                     throw Error(kerNotAJpeg);
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-2.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-2.patch
new file mode 100644
index 0000000000..c506b48c11
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-2.patch
@@ -0,0 +1,25 @@
+From 8390f32b88b2c779c328ca09d9f437202fca2782 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Sun, 25 Jul 2021 19:03:50 +0100
+Subject: [PATCH] Remove redundant check.
+CVE: CVE-2021-37622
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/19026fab2bc2b6dee2150f38153feb65a41cea17]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/jpgimage.cpp | 2 --
+ 1 file changed, 2 deletions(-)
+diff --git a/src/jpgimage.cpp b/src/jpgimage.cpp
+index bb34044..d549355 100644
+--- a/src/jpgimage.cpp
+++ b/src/jpgimage.cpp
+@@ -646,8 +646,6 @@ namespace Exiv2 {
+                 bufRead = io_->read(buf.pData_, bufMinSize);
+                 if (io_->error() || bufRead != bufMinSize)
+                     throw Error(kerFailedToReadImageData);
+-                if (bufRead < 2)
+-                    throw Error(kerNotAJpeg);
+                 const uint16_t size = mHasLength[marker] ? getUShort(buf.pData_, bigEndian) : 0;
+                 if (bPrint && mHasLength[marker])
+                     out << Internal::stringFormat(" | %7d ", size);
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 3518e47235..4700173de4 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -30,6 +30,8 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
           file://CVE-2021-37620-2.patch \
           file://CVE-2021-37621-1.patch \
           file://CVE-2021-37621-2.patch \
+           file://CVE-2021-37622-1.patch \
+           file://CVE-2021-37622-2.patch \
           "
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-03-01 15:09:08 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2026-03-01 15:14:12 +0100
commit	6d3829a569ebfc5b4bc5db8d62df7f0db3f2d06a (patch)
tree	bbe69092ea95a6c8d03dade88cff10eb3bc10cbc
parent	08fe7e8f61bf9669b85902dd1ba67ed674a1d7b8 (diff)
download	meta-openembedded-6d3829a569ebfc5b4bc5db8d62df7f0db3f2d06a.tar.gz

diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-1.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-1.patch new file mode 100644 index 0000000000..13b2a4c81b --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-1.patch
@@ -0,0 +1,25 @@
		1	From f6da4a573f9f4c0821ac726fcbfc7fc09212327b Mon Sep 17 00:00:00 2001
		2	From: Kevin Backhouse <kevinbackhouse@github.com>
		3	Date: Sat, 17 Jul 2021 12:38:31 +0100
		4	Subject: [PATCH] Make sure that read is complete to prevent infinite loop.
		5
		6	CVE: CVE-2021-37622
		7	Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/ffe5eb517dad93845e62144d8e53f52b17420ecd]
		8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		9	---
		10	src/jpgimage.cpp \| 2 +-
		11	1 file changed, 1 insertion(+), 1 deletion(-)
		12
		13	diff --git a/src/jpgimage.cpp b/src/jpgimage.cpp
		14	index b9e724c..bb34044 100644
		15	--- a/src/jpgimage.cpp
		16	+++ b/src/jpgimage.cpp
		17	@@ -644,7 +644,7 @@ namespace Exiv2 {
		18	// Read size and signature
		19	std::memset(buf.pData_, 0x0, buf.size_);
		20	bufRead = io_->read(buf.pData_, bufMinSize);
		21	- if (io_->error())
		22	+ if (io_->error() \|\| bufRead != bufMinSize)
		23	throw Error(kerFailedToReadImageData);
		24	if (bufRead < 2)
		25	throw Error(kerNotAJpeg);


diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-2.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-2.patch new file mode 100644 index 0000000000..c506b48c11 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-2.patch
@@ -0,0 +1,25 @@
		1	From 8390f32b88b2c779c328ca09d9f437202fca2782 Mon Sep 17 00:00:00 2001
		2	From: Kevin Backhouse <kevinbackhouse@github.com>
		3	Date: Sun, 25 Jul 2021 19:03:50 +0100
		4	Subject: [PATCH] Remove redundant check.
		5
		6	CVE: CVE-2021-37622
		7	Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/19026fab2bc2b6dee2150f38153feb65a41cea17]
		8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		9	---
		10	src/jpgimage.cpp \| 2 --
		11	1 file changed, 2 deletions(-)
		12
		13	diff --git a/src/jpgimage.cpp b/src/jpgimage.cpp
		14	index bb34044..d549355 100644
		15	--- a/src/jpgimage.cpp
		16	+++ b/src/jpgimage.cpp
		17	@@ -646,8 +646,6 @@ namespace Exiv2 {
		18	bufRead = io_->read(buf.pData_, bufMinSize);
		19	if (io_->error() \|\| bufRead != bufMinSize)
		20	throw Error(kerFailedToReadImageData);
		21	- if (bufRead < 2)
		22	- throw Error(kerNotAJpeg);
		23	const uint16_t size = mHasLength[marker] ? getUShort(buf.pData_, bigEndian) : 0;
		24	if (bPrint && mHasLength[marker])
		25	out << Internal::stringFormat(" \| %7d ", size);


diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb index 3518e47235..4700173de4 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -30,6 +30,8 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
30	file://CVE-2021-37620-2.patch \	30	file://CVE-2021-37620-2.patch \
31	file://CVE-2021-37621-1.patch \	31	file://CVE-2021-37621-1.patch \
32	file://CVE-2021-37621-2.patch \	32	file://CVE-2021-37621-2.patch \
		33	file://CVE-2021-37622-1.patch \
		34	file://CVE-2021-37622-2.patch \
33	"	35	"
34	SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"	36	SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
35		37