Bug 711220 (CVE-2019-1010301, CVE-2019-1010302)

Summary: <media-gfx/jhead-3.04: Multiple vulnerabilities (CVE-2019-{1010301,1010302})
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: dilfridge, graphics+disabled
Priority: Normal
Keywords: CC-ARCHES
Version: unspecified
Flags: nattka: sanity-check+
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/16406
https://bugs.gentoo.org/show_bug.cgi?id=730746
Whiteboard: B3 [glsa+ cve]
Package list: media-gfx/jhead-3.04
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 701826

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 20:33:54 UTC
1) CVE-2019-1010301

Description:
"jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file."

URL: https://www.cvedetails.com/cve/CVE-2019-1010301/

2) CVE-2019-1010302

Description:
"jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file."

URL: https://www.cvedetails.com/cve/CVE-2019-1010302/

---
Affected versions:
- <3.04? (https://www.sentex.ca/~mwandel/jhead/changes.txt)
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2020-04-12 00:02:48 UTC
Adding 2 more CVEs to this (Same Version)


CVE-2020-6625 (NEW)
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.


CVE-2020-6624 (NEW)
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
Comment 2 Larry the Git Cow gentoo-dev 2020-07-04 14:27:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=67e090339cb570cde380194dbc8b68089d9de311

commit 67e090339cb570cde380194dbc8b68089d9de311
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-06-24 20:39:38 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2020-07-04 14:25:02 +0000

    media-gfx/jhead: Security bump to 3.04
    
    EAPI bumped, src_prepare refactored away, added PATCHES array instead
    with a patch that includes the effects of the previous patch. This patch
    also includes adding Makefile functionality to create a shared library
    that was removed upstream since the last version we have.
    
    Bug: https://bugs.gentoo.org/701826
    Bug: https://bugs.gentoo.org/711220
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16406
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 media-gfx/jhead/Manifest                           |  1 +
 .../files/jhead-3.04-mkstemp-fix-makefile.patch    | 53 ++++++++++++++++++++++
 media-gfx/jhead/jhead-3.04.ebuild                  | 24 ++++++++++
 3 files changed, 78 insertions(+)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-04 18:17:21 UTC
(In reply to Yury German from comment #1)
> Adding 2 more CVEs to this (Same Version)
> 
> 
> CVE-2020-6625 (NEW)
> jhead through 3.04 has a heap-based buffer over-read in Get32s when
> called from ProcessGpsInfo in gpsinfo.c.
> 
> 
> CVE-2020-6624 (NEW)
> jhead through 3.04 has a heap-based buffer over-read in process_DQT in
> jpgqguess.c.

I'll put these in a new bug just because then we can handle all the fixed stuff together.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-14 17:08:12 UTC
No open bugs. Will stable if no objections?
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 03:21:56 UTC
ppc64 stable
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 03:30:23 UTC
ppc stable
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 23:32:05 UTC
x86 stable
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 23:32:23 UTC
amd64 stable
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-18 18:37:01 UTC
sparc stable. Please cleanup.
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-26 15:52:33 UTC
GLSA vote: yes
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:58:46 UTC
This issue was resolved and addressed in
 GLSA 202007-17 at https://security.gentoo.org/glsa/202007-17
by GLSA coordinator Sam James (sam_c).
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-27 01:16:22 UTC
(In reply to GLSAMaker/CVETool Bot from comment #11)
> This issue was resolved and addressed in
>  GLSA 202007-17 at https://security.gentoo.org/glsa/202007-17
> by GLSA coordinator Sam James (sam_c).

Reopening for cleanup.
Comment 13 Larry the Git Cow gentoo-dev 2020-07-27 03:15:33 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40cb226be567e8f6b584268028b59b07812e8532

commit 40cb226be567e8f6b584268028b59b07812e8532
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-27 02:34:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-27 03:15:18 +0000

    media-gfx/jhead: security cleanup
    
    Closes: https://bugs.gentoo.org/711220
    Package-Manager: Portage-3.0.0, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/jhead/Manifest                           |  2 --
 .../files/jhead-2.90-mkstemp_respect_flags.patch   | 26 ------------------
 media-gfx/jhead/jhead-2.97.ebuild                  | 31 ---------------------
 media-gfx/jhead/jhead-3.00-r2.ebuild               | 30 --------------------
 media-gfx/jhead/jhead-3.00.ebuild                  | 32 ----------------------
 5 files changed, 121 deletions(-)