Summary: | <media-gfx/exiv2-0.27.4: Multiple vulnerabilities (CVE-2021-{29457,29458,29470,29473,29463,29464,29623,31291,31292,32617}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | media-gfx/exiv2-0.27.4-r1 |
Runtime testing required: | --- |
Bug Depends on: | 799692 | ||
Bug Blocks: |
Description
Sam James
2021-04-25 16:56:00 UTC
* CVE-2021-29457
Description: "A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."
https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm

* CVE-2021-29473
Description: "An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."
CONFIRM:https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2

* CVE-2021-29463
Description: "An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."
https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr

* CVE-2021-29464
Description: "A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."
https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p

* CVE-2021-29623
Description: "A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4."
https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v

* CVE-2021-32617
Description: "An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`."
https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd8ae2f9ca37af01f66e7dd91713cfaab3fc8694

commit bd8ae2f9ca37af01f66e7dd91713cfaab3fc8694
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-06-20 20:40:58 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-06-20 20:53:43 +0000

    media-gfx/exiv2: add 0.27.4

    Bug: https://bugs.gentoo.org/785646
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/exiv2/Manifest | 1 +
 media-gfx/exiv2/exiv2-0.27.4.ebuild | 115 +++++++++++++++++++++
 .../exiv2/files/exiv2-0.27.4-gtest-1.11.patch | 32 ++++++
 3 files changed, 148 insertions(+)

sparc stable

CVE-2021-31291:

A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS) via crafted metadata.

CVE-2021-31292:

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.

Both fixes in 0.27.4.

Looking good on ppc64.

# cat exiv2-785646.report
USE tests started on Sa 7. Aug 16:30:45 CEST 2021
FEATURES=' test' USE='' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples nls -png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls -png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples nls -png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls -png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc -examples -nls -png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples -nls -png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc -examples nls -png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls -png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples -nls png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc -examples -nls -png webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples nls -png webready xmp' succeeded for =media-gfx/exiv2-0.27.4
revdep tests started on Sa 7. Aug 16:50:17 CEST 2021
FEATURES=' test' USE='python' succeeded for media-libs/gexiv2
FEATURES=' test' USE='' succeeded for media-libs/libextractor

ppc64 done

(In reply to ernsteiswuerfel from comment #9)
> Looking good on ppc64.
>

Thanks!

Looking good on ppc.

# cat exiv2-785646.report
USE tests started on Sa 7. Aug 17:40:13 CEST 2021
FEATURES=' test' USE='' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc -examples nls -png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc examples nls -png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples -nls png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples -nls -png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc -examples nls -png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples -nls png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc examples -nls png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples nls -png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples -nls -png webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples -nls -png webready xmp' succeeded for =media-gfx/exiv2-0.27.4
revdep tests started on Sa 7. Aug 18:30:09 CEST 2021
FEATURES=' test' USE='' succeeded for media-libs/libextractor
FEATURES=' test' USE='python' succeeded for media-libs/gexiv2

ppc done

amd64 done

x86 done

arm done

arm64 done

all arches done

Please cleanup, thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e1bf48a0f30b20662d158e1a14127c0749f57d2

commit 8e1bf48a0f30b20662d158e1a14127c0749f57d2
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-09-03 06:38:13 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-09-03 06:47:18 +0000

    media-gfx/exiv2: Drop vulnerable 0.27.3

    Bug: https://bugs.gentoo.org/785646
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-gfx/exiv2/Manifest | 1 -
 media-gfx/exiv2/exiv2-0.27.3.ebuild | 102 ------------------------------------
 2 files changed, 103 deletions(-)

kde proj is done here.

Unable to check for sanity:

> no match for package: media-gfx/exiv2-0.27.4-r1

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ac054647254eb13d0b84b78ceab28ba69d92c404

commit ac054647254eb13d0b84b78ceab28ba69d92c404
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-22 09:22:44 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-22 09:23:49 +0000

    [ GLSA 202312-06 ] Exiv2: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/785646
    Bug: https://bugs.gentoo.org/807346
    Bug: https://bugs.gentoo.org/917650
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-06.xml | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)