CVE-2021-27815: NULL Pointer Dereference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd33507695886a6e0936f556cf6ec9de7595e7f9

commit bd33507695886a6e0936f556cf6ec9de7595e7f9
Author: Federico Denkena <federico.denkena@posteo.de>
AuthorDate: 2022-07-07 20:36:01 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-07-08 22:14:34 +0000

media-gfx/exif: Security fix for CVE-2021-27815

This commit adds two patches from upstream and bumps the revision.

Bug: https://bugs.gentoo.org/783522
Signed-off-by: Federico Denkena <federico.denkena@posteo.de>
Signed-off-by: Sam James <sam@gentoo.org>

media-gfx/exif/exif-0.6.22-r1.ebuild | 31 +++++++++++++++++
.../files/exif-0.6.22-empty-string-check.patch | 40 ++++++++++++++++++++++
2 files changed, 71 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cccd68bec11001d70da69997730018e5151a7483

commit cccd68bec11001d70da69997730018e5151a7483
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-10-22 02:31:35 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-22 02:31:35 +0000

media-gfx/exif: drop 0.6.22

Bug: https://bugs.gentoo.org/783522
Signed-off-by: John Helmert III <ajak@gentoo.org>

media-gfx/exif/exif-0.6.22.ebuild | 27 ---------------------------
1 file changed, 27 deletions(-)

GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=72cd35ddebf893b0640052a4f1534e697700fc8f

commit 72cd35ddebf893b0640052a4f1534e697700fc8f
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:23:34 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:16 +0000

[ GLSA 202210-28 ] exif: Denial of Service

Bug: https://bugs.gentoo.org/783522
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202210-28.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)

GLSA released, all done!