CVE-2021-3482: Fix heap-based buffer overflow in Jp2Image::readMetadata()

CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata Resolves: bz#1956174
2021-05-03 13:55:41 +02:00 · 2021-05-03 13:55:41 +02:00 · 8210e83162
commit 8210e83162
parent 7cd05b33ca
1 changed files with 16 additions and 1 deletions
--- a/exiv2.spec
+++ b/exiv2.spec
@ -5,7 +5,7 @@ Summary: Exif and Iptc metadata manipulation library
 Name:    exiv2
 Version: 0.27.3
 %global internal_ver %{version}
-Release: 6%{?dist}
+Release: 7%{?dist}

 License: GPLv2+
 URL:     http://www.exiv2.org/
@ -17,6 +17,13 @@ Source0: http://exiv2.org/builds/%{name}-%{version}-Source.tar.gz

 ## upstream patches

+## security fixes
+Patch50: exiv2-CVE-2021-3482.patch
+Patch51: exiv2-CVE-2021-29457.patch
+Patch52: exiv2-CVE-2021-29458.patch
+Patch53: exiv2-CVE-2021-29470.patch
+Patch54: exiv2-CVE-2021-29473.patch
+
 ## upstreamable patches
 # don't unconditionally use -fcf-protection flag, not supported on all archs
 # fedora already includes this on archs that do support it
@ -135,6 +142,14 @@ test -x %{buildroot}%{_libdir}/libexiv2.so


 %changelog
+* Mon May 03 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-7
+- CVE-2021-3482: Fix heap-based buffer overflow in Jp2Image::readMetadata()
+  CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode
+  CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata
+  CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
+  CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
+  Resolves: bz#1956174
+
 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.27.3-6
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937