Summary: | <media-gfx/jhead-3.06.0.1: Multiple vulnerabilities (CVE-2020-{6624,6625}, CVE-2021-3496) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | dilfridge |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=711220 | | |
Whiteboard: | B3 [glsa+] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 879015 | | |
Bug Blocks: | | | |
Description
Sam James
CVE-2021-3496: A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.

Issue: https://github.com/Matthias-Wandel/jhead/issues/33

Fixed in 3.06.0.1.

CVE-2021-28275 (https://github.com/Matthias-Wandel/jhead/issues/17): A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c that will cause a segmentation fault via a crafted_file.

CVE-2021-28276 (https://github.com/Matthias-Wandel/jhead/issues/1): A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.

CVE-2021-28277 (https://github.com/Matthias-Wandel/jhead/issues/16): A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.

CVE-2021-28278 (https://github.com/Matthias-Wandel/jhead/issues/15): A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.

These are all fixed by 3.06.0.1.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a47a1d8535d26adffaf93b0df37a623ed2e629c5

commit a47a1d8535d26adffaf93b0df37a623ed2e629c5
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2022-10-08 22:30:53 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2022-10-08 22:35:44 +0000

media-gfx/jhead: add 3.06.0.1

Bug: https://bugs.gentoo.org/730746
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

media-gfx/jhead/Manifest | 1 +
.../jhead-3.06.0.1-mkstemp-fix-makefile.patch | 52 ++++++++++++++++++++++
media-gfx/jhead/jhead-3.06.0.1.ebuild | 24 ++++++++++
3 files changed, 77 insertions(+)

I suppose we should move the fixed ones to a new bug this time, so the two unfixed bugs aren't moved to a *third* bug.
(In reply to John Helmert III from comment #4)
> I suppose we should move the fixed ones to a new bug this time, so the two
> unfixed bugs aren't moved to a *third* bug.

Well, I said that then did the opposite. Whoops.

GLSA request filed.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=076fd7121bedf4e031ffbdb82f78d30568739b09

commit 076fd7121bedf4e031ffbdb82f78d30568739b09
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:12:23 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:15 +0000

[ GLSA 202210-17 ] JHead: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/730746
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202210-17.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)

It seems a GLSA was issued here before stabilization. Was this intentional?

On stable systems users will get a glsa warning without an upgrade path.

(In reply to Hanno Böck from comment #8)
> It seems a GLSA was issued here before stabilization. Was this intentional?
>
> On stable systems users will get a glsa warning without an upgrade path.

No! This was definitely done in error. I'll stablereq now, and I apologize for the oversight.

Stabilization done, all done!