Summary: | media-gfx/exiv2: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | major | CC: | kde |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugzilla.suse.com/show_bug.cgi?id=1204818 | ||
Whiteboard: | A2 [ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2022-10-28 02:25:04 UTC
I'm afraid these patches won't apply easily against 0.27.5, the source has changed significantly and even grepping for single context words in the patch for CVE-2022-3717 does not bring up anything remotely similar.

CVE-2022-3717 does NOT seem to affect Exiv2 version 0.27.5; see https://bugzilla.suse.com/show_bug.cgi?id=1204818. CVE-2022-3719 DOES seem to affect 0.27.5 though (I personally wrote a backporting patch). I have not investigated CVE-2022-3718 yet.

CVE-2022-3718 and CVE-2022-3719 seem to be irrelevant to us either; src/quicktimevideo.cpp is compiled only when configured with -DEXIV2_ENABLE_VIDEO=ON, which we do not specify.

Thanks for looking into it! Indeed, EXIV2_ENABLE_VIDEO is default off and not changed by our ebuild.

CVE-2022-3755 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382):
https://vuldb.com/?id.212495
A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.
Patch: https://github.com/Exiv2/exiv2/commit/6bb956ad808590ce2321b9ddf6772974da27c4ca

CVE-2022-3756:
https://vuldb.com/?id.212496
A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496.
Patch: https://github.com/Exiv2/exiv2/commit/bf4f28b727bdedbd7c88179c30d360e54568a62e

CVE-2022-3757 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50901):
https://vuldb.com/?id.212497
A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability.
Patch: https://github.com/Exiv2/exiv2/commit/d3651fdbd352cbaf259f89abf7557da343339378

CVE-2022-3953 (https://github.com/Exiv2/exiv2/pull/2394):
A vulnerability was found in Exiv2. It has been classified as problematic. This affects the function QuickTimeVideo::multipleEntriesDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to infinite loop. It is possible to initiate the attack remotely. The name of the patch is 771ead87321ae6e39e5c9f6f0855c58cde6648f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213459.
Patch: https://github.com/Exiv2/exiv2/commit/771ead87321ae6e39e5c9f6f0855c58cde6648f1

Again, none relevant to us.

(In reply to Andreas Sturmlechner from comment #4)
> Indeed, EXIV2_ENABLE_VIDEO is default off and not changed by our ebuild.

src/CMakeLists.txt has:
> if( EXIV2_ENABLE_VIDEO )
>     target_sources(exiv2lib PRIVATE
>         asfvideo.cpp ../include/exiv2/asfvideo.hpp
>         matroskavideo.cpp ../include/exiv2/matroskavideo.hpp
>         quicktimevideo.cpp ../include/exiv2/quicktimevideo.hpp
>         riffvideo.cpp ../include/exiv2/riffvideo.hpp
>         utilsvideo.cpp ../include/exiv2/utilsvideo.hpp
>     )
> endif()
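
Added example, not part of the thread and not Exiv2 or Gentoo tooling: the thread's conclusion rests on quicktimevideo.cpp being built only with EXIV2_ENABLE_VIDEO=ON, which can be checked for a given build from its CMakeCache.txt and from the symbols the shared library defines. The function names, output strings and sample inputs below are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added triage example; not from the bug thread or the Exiv2 project.

# Print ON, OFF or UNSET for EXIV2_ENABLE_VIDEO as recorded in a CMakeCache.txt.
video_option_state() {
    if ! grep -q '^EXIV2_ENABLE_VIDEO:' "$1" 2>/dev/null; then
        echo UNSET; return 0
    fi
    val=$(sed -n 's/^EXIV2_ENABLE_VIDEO:[A-Z]*=//p' "$1" | tail -n 1 |
          tr '[:lower:]' '[:upper:]')
    case $val in
        1|ON|YES|TRUE|Y) echo ON ;;
        *) echo OFF ;;
    esac
}

# Succeed if the nm listing on stdin defines a QuickTimeVideo symbol.
# Lines marked " U " are undefined imports and do not count.
has_quicktime_symbols() {
    grep 'QuickTimeVideo' | grep -qv ' U '
}

# triage CACHE SYMBOL_LISTING: combine the build-time and binary-level answers.
# The binary wins when a stale cache says OFF but the handler is linked in.
triage() {
    if [ "$(video_option_state "$1")" = ON ] || has_quicktime_symbols < "$2"; then
        echo video-handler-present
    else
        echo video-handler-absent
    fi
}

# Write constructed sample inputs into DIR (addresses and symbols are made up).
make_samples() {
    printf '%s\n' 'CMAKE_BUILD_TYPE:STRING=Release' \
        'EXIV2_ENABLE_VIDEO:BOOL=OFF' > "$1/cache_off.txt"
    printf '%s\n' 'EXIV2_ENABLE_VIDEO:BOOL=ON' > "$1/cache_on.txt"
    printf '%s\n' '00000000000a1b20 T _ZN5Exiv28ExifData5clearEv' \
        > "$1/syms_plain.txt"
    printf '%s\n' '00000000000c4f10 T _ZN5Exiv214QuickTimeVideo11decodeBlockEv' \
        > "$1/syms_video.txt"
}

# Demo on the constructed samples. On a real system, produce the listing with
# `nm -D --defined-only <path to libexiv2.so>` and pass that file instead.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
triage "$demo_dir/cache_off.txt" "$demo_dir/syms_plain.txt"
triage "$demo_dir/cache_off.txt" "$demo_dir/syms_video.txt"
rm -rf "$demo_dir"
```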