CVE-2023-44398: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Patch: https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5
Maintainers, please stabilize.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58c79ada9b4fed3de90aa55856ca7d3293891a4b

commit 58c79ada9b4fed3de90aa55856ca7d3293891a4b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-11-29 09:37:12 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-11-29 09:42:55 +0000

    media-gfx/exiv2: Cleanup vulnerable 0.28.0

    Bug: https://bugs.gentoo.org/917650
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-gfx/exiv2/Manifest            |   1 -
 media-gfx/exiv2/exiv2-0.28.0.ebuild | 129 ------------------------------------
 2 files changed, 130 deletions(-)
This bug still requires cleanup of vulnerable version 0.27.7. Apologies for the mistake in updating the whiteboard.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ac054647254eb13d0b84b78ceab28ba69d92c404

commit ac054647254eb13d0b84b78ceab28ba69d92c404
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-22 09:22:44 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-22 09:23:49 +0000

    [ GLSA 202312-06 ] Exiv2: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/785646
    Bug: https://bugs.gentoo.org/807346
    Bug: https://bugs.gentoo.org/917650
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-06.xml | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
commit e2502ab68714c7c22176061458ac501ae3545cb0
Author: Andreas Sturmlechner <asturm@gentoo.org>
Date:   Mon Feb 19 21:13:41 2024 +0100

    media-gfx/exiv2: drop 0.27.7, 0.28.1-r1