diff --git a/SOURCES/exiv2-CVE-2021-31291.patch b/SOURCES/exiv2-CVE-2021-31291.patch new file mode 100644 index 0000000..05c6138 --- /dev/null +++ b/SOURCES/exiv2-CVE-2021-31291.patch @@ -0,0 +1,26 @@ +From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001 +From: Pydera +Date: Thu, 8 Apr 2021 17:36:16 +0200 +Subject: [PATCH] Fix out of buffer access in #1529 + +--- + src/jp2image.cpp | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/jp2image.cpp b/src/jp2image.cpp +index 88ab9b2d61..12025f9664 100644 +--- a/src/jp2image.cpp ++++ b/src/jp2image.cpp +@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m) + #endif + box.length = (uint32_t) (io_->size() - io_->tell() + 8); + } +- if (box.length == 1) ++ if (box.length < 8) + { +- // FIXME. Special case. the real box size is given in another place. ++ // box is broken, so there is nothing we can do here ++ throw Error(kerCorruptedMetadata); + } + + // Read whole box : Box header + Box data (not fixed size - can be null). diff --git a/SPECS/exiv2.spec b/SPECS/exiv2.spec index 149f029..d3a92d4 100644 --- a/SPECS/exiv2.spec +++ b/SPECS/exiv2.spec @@ -2,7 +2,7 @@ Summary: Exif and Iptc metadata manipulation library Name: exiv2 Version: 0.27.3 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://www.exiv2.org/ @@ -14,7 +14,7 @@ Source0: https://github.com/Exiv2/%{name}/archive/exiv2-%{version}.tar.gz # don't unconditionally use -fcf-protection flag, not supported on all archs # fedora already includes this on archs that do support it Patch100: exiv2-0.27.3-fcf-protection.patch - +Patch101: exiv2-CVE-2021-31291.patch BuildRequires: cmake BuildRequires: expat-devel @@ -123,6 +123,10 @@ test -x %{buildroot}%{_libdir}/libexiv2.so %changelog +* Thu Aug 05 2021 Jan Grulich - 0.27.3-3 +- Fix heap-based buffer overflow vulnerability in jp2image.cpp that may lead to DoS + Resolves: bz#1990355 + * Wed Oct 7 2020 Jan Grulich - 0.27.3-2 - Avoid duplicating Changelog file Resolves: bz#1880984