* CVE-2021-29470 Description: "An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4." https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj
* CVE-2021-29458 Description: "An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4." https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
* CVE-2021-29457 Description: "A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4." https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
* CVE-2021-29473 Description: "An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4." CONFIRM:https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
* CVE-2021-29463 Description: "An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4." https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr
* CVE-2021-29464 Description: "A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4." https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
* CVE-2021-29623 Description: "A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4." https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
* CVE-2021-32617 Description: "An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`." https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd8ae2f9ca37af01f66e7dd91713cfaab3fc8694
commit bd8ae2f9ca37af01f66e7dd91713cfaab3fc8694
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-06-20 20:40:58 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-06-20 20:53:43 +0000
    media-gfx/exiv2: add 0.27.4
    Bug: https://bugs.gentoo.org/785646
    Signed-off-by: Sam James <sam@gentoo.org>
 media-gfx/exiv2/Manifest | 1 +
 media-gfx/exiv2/exiv2-0.27.4.ebuild | 115 +++++++++++++++++++++
 .../exiv2/files/exiv2-0.27.4-gtest-1.11.patch | 32 ++++++
 3 files changed, 148 insertions(+)
sparc stable
CVE-2021-31291: A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS) via crafted metadata.
CVE-2021-31292: An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.
Both fixes in 0.27.4.
Looking good on ppc64.
# cat exiv2-785646.report
USE tests started on Sa 7. Aug 16:30:45 CEST 2021
FEATURES=' test' USE='' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples nls -png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls -png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples nls -png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls -png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc -examples -nls -png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples -nls -png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc -examples nls -png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls -png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples -nls png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc -examples -nls -png webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples nls -png webready xmp' succeeded for =media-gfx/exiv2-0.27.4
revdep tests started on Sa 7. Aug 16:50:17 CEST 2021
FEATURES=' test' USE='python' succeeded for media-libs/gexiv2
FEATURES=' test' USE='' succeeded for media-libs/libextractor
ppc64 done
(In reply to ernsteiswuerfel from comment #9)
> Looking good on ppc64.
>
Thanks!
Looking good on ppc.
# cat exiv2-785646.report
USE tests started on Sa 7. Aug 17:40:13 CEST 2021
FEATURES=' test' USE='' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc -examples nls -png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc examples nls -png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples -nls png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples -nls -png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc -examples nls -png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples -nls png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='-doc examples -nls png webready -xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples nls -png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples nls png -webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc -examples -nls -png webready xmp' succeeded for =media-gfx/exiv2-0.27.4
USE='doc examples -nls -png webready xmp' succeeded for =media-gfx/exiv2-0.27.4
revdep tests started on Sa 7. Aug 18:30:09 CEST 2021
FEATURES=' test' USE='' succeeded for media-libs/libextractor
FEATURES=' test' USE='python' succeeded for media-libs/gexiv2
ppc done
amd64 done
x86 done
arm done
arm64 done
all arches done
Please cleanup, thanks!
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e1bf48a0f30b20662d158e1a14127c0749f57d2
commit 8e1bf48a0f30b20662d158e1a14127c0749f57d2
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-09-03 06:38:13 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-09-03 06:47:18 +0000
    media-gfx/exiv2: Drop vulnerable 0.27.3
    Bug: https://bugs.gentoo.org/785646
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
 media-gfx/exiv2/Manifest | 1 -
 media-gfx/exiv2/exiv2-0.27.3.ebuild | 102 ------------------------------------
 2 files changed, 103 deletions(-)
kde proj is done here.
Unable to check for sanity:
> no match for package: media-gfx/exiv2-0.27.4-r1
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=ac054647254eb13d0b84b78ceab28ba69d92c404
commit ac054647254eb13d0b84b78ceab28ba69d92c404
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-22 09:22:44 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-22 09:23:49 +0000
    [ GLSA 202312-06 ] Exiv2: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/785646
    Bug: https://bugs.gentoo.org/807346
    Bug: https://bugs.gentoo.org/917650
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
 glsa-202312-06.xml | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)