diff --git a/SOURCES/exiv2-CVE-2021-31291.patch b/SOURCES/exiv2-CVE-2021-31291.patch new file mode 100644 index 0000000..d71d860 --- /dev/null +++ b/SOURCES/exiv2-CVE-2021-31291.patch @@ -0,0 +1,26 @@ +From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001 +From: Pydera +Date: Thu, 8 Apr 2021 17:36:16 +0200 +Subject: [PATCH] Fix out of buffer access in #1529 + +--- + src/jp2image.cpp | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/jp2image.cpp b/src/jp2image.cpp +index 4c072d7..ba025a3 100644 +--- a/src/jp2image.cpp ++++ b/src/jp2image.cpp +@@ -739,9 +739,10 @@ namespace Exiv2 + #endif + box.length = io_->size() - io_->tell() + 8; + } +- if (box.length == 1) ++ if (box.length < 8) + { +- // FIXME. Special case. the real box size is given in another place. ++ // box is broken, so there is nothing we can do here ++ throw Error(14); + } + + // Read whole box : Box header + Box data (not fixed size - can be null). diff --git a/SPECS/compat-exiv2-026.spec b/SPECS/compat-exiv2-026.spec index 0981289..d66bdbd 100644 --- a/SPECS/compat-exiv2-026.spec +++ b/SPECS/compat-exiv2-026.spec @@ -1,7 +1,7 @@ Name: compat-exiv2-026 Version: 0.26 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Compatibility package with the exiv2 library in version 0.26 License: GPLv2+ @@ -15,6 +15,7 @@ Patch7: exiv2-crash-in-pentax-camera-files.patch Patch10: exiv2-CVE-2017-17723.patch Patch11: exiv2-CVE-2017-17725.patch Patch12: exiv2-CVE-2017-5772.patch +Patch13: exiv2-CVE-2021-31291.patch BuildRequires: expat-devel BuildRequires: gettext @@ -83,6 +84,10 @@ chmod 755 %{buildroot}%{_libdir}/libexiv2.so.* %changelog +* Thu Aug 11 2021 Jan Grulich - 0.26-3 +- Fix heap-based buffer overflow vulnerability in jp2image.cpp + Resolves: bz#1990394 + * Tue Feb 18 2020 Jan Grulich - 0.26-2 - Fix crash in Pentax camera files Resolves: bz#1747857