diff --git a/SOURCES/exiv2-CVE-2021-31291.patch b/SOURCES/exiv2-CVE-2021-31291.patch new file mode 100644 index 0000000..749d573 --- /dev/null +++ b/SOURCES/exiv2-CVE-2021-31291.patch @@ -0,0 +1,26 @@ +From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001 +From: Pydera +Date: Thu, 8 Apr 2021 17:36:16 +0200 +Subject: [PATCH] Fix out of buffer access in #1529 + +--- + src/jp2image.cpp | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/jp2image.cpp b/src/jp2image.cpp +index 1892fd4..01a21f2 100644 +--- a/src/jp2image.cpp ++++ b/src/jp2image.cpp +@@ -737,9 +737,10 @@ namespace Exiv2 + #endif + box.length = io_->size() - io_->tell() + 8; + } +- if (box.length == 1) ++ if (box.length < 8) + { +- // FIXME. Special case. the real box size is given in another place. ++ // box is broken, so there is nothing we can do here ++ throw Error(kerCorruptedMetadata); + } + + // Read whole box : Box header + Box data (not fixed size - can be null). diff --git a/SPECS/compat-exiv2-026.spec b/SPECS/compat-exiv2-026.spec index 6dbf115..dd6ba43 100644 --- a/SPECS/compat-exiv2-026.spec +++ b/SPECS/compat-exiv2-026.spec @@ -1,6 +1,6 @@ Name: compat-exiv2-026 Version: 0.26 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Compatibility package with the exiv2 library in version 0.26 License: GPLv2+ @@ -32,6 +32,7 @@ Patch24: exiv2-CVE-2018-5772.patch Patch25: exiv2-CVE-2018-8976.patch Patch26: exiv2-CVE-2018-8977.patch Patch27: exiv2-CVE-2018-16336.patch +Patch28: exiv2-CVE-2021-31291.patch ## upstreamable patches @@ -96,6 +97,10 @@ rm -rf mv %{buildroot}%{_libdir}/libexiv2.so %changelog +* Thu Aug 05 2021 Jan Grulich - 0.26-11 +- Fix heap-based buffer overflow vulnerability in jp2image.cpp that may lead to DoS + Resolves: bz#1990397 + * Thu Nov 21 2019 Jan Grulich - 0.26-3 - Remove pre-built msvc binaries Resolves: bz#1757349