Bug 785646 (CVE-2021-29457, CVE-2021-29458, CVE-2021-29463, CVE-2021-29464, CVE-2021-29470, CVE-2021-29473, CVE-2021-29623, CVE-2021-32617) - <media-gfx/exiv2-0.27.4: Multiple vulnerabilities (CVE-2021-{29457,29458,29470,29473,29463,29464,29623,32617})
Status: IN_PROGRESS
Alias: CVE-2021-29457, CVE-2021-29458, CVE-2021-29463, CVE-2021-29464, CVE-2021-29470, CVE-2021-29473, CVE-2021-29623, CVE-2021-32617
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [stable]
Keywords: CC-ARCHES
Depends on: 799692
Reported: 2021-04-25 16:56 UTC by Sam James
Modified: 2021-07-27 04:12 UTC

Package list:
media-gfx/exiv2-0.27.4
Runtime testing required: ---
nattka: sanity-check+

Description Sam James archtester gentoo-dev Security 2021-04-25 16:56:00 UTC
* CVE-2021-29470

Description:
"An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4."

https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj

* CVE-2021-29458

Description:
"An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4."

https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
Comment 1 Sam James archtester gentoo-dev Security 2021-04-25 17:23:28 UTC
* CVE-2021-29457

Description:
"A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."

https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
Comment 2 Sam James archtester gentoo-dev Security 2021-04-28 21:14:55 UTC
* CVE-2021-29473

Description:
"An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."

CONFIRM:https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
Comment 3 Sam James archtester gentoo-dev Security 2021-05-03 17:52:06 UTC
* CVE-2021-29463

Description:
"An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."

https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr

* CVE-2021-29464

Description:

"A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."

https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
Comment 4 Sam James archtester gentoo-dev Security 2021-05-15 01:15:24 UTC
* CVE-2021-29623

Description:
"A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4."

https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
Comment 5 Sam James archtester gentoo-dev Security 2021-05-18 05:56:55 UTC
* CVE-2021-32617

Description:
"An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`."

https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
Comment 6 Larry the Git Cow gentoo-dev 2021-06-20 20:53:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd8ae2f9ca37af01f66e7dd91713cfaab3fc8694

commit bd8ae2f9ca37af01f66e7dd91713cfaab3fc8694
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-06-20 20:40:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-06-20 20:53:43 +0000

    media-gfx/exiv2: add 0.27.4
    
    Bug: https://bugs.gentoo.org/785646
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/exiv2/Manifest                           |   1 +
 media-gfx/exiv2/exiv2-0.27.4.ebuild                | 115 +++++++++++++++++++++
 .../exiv2/files/exiv2-0.27.4-gtest-1.11.patch      |  32 ++++++
 3 files changed, 148 insertions(+)