[oe] [meta-oe][kirkstone][PATCH 08/10] exiv2: patch CVE-2021-32815

Gyorgy Sarvari via lists.openembedded.org Sat, 22 Nov 2025 11:31:41 -0800

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32815


Pick the patch from the PR mentioned in he nvd report.

This patch is a combination of 3 commits, which are so
small, that it is still very readable in this form also.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../exiv2/exiv2/CVE-2021-32815.patch          | 36 +++++++++++++++++++
 meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch

diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch 
b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch
new file mode 100644
index 0000000000..238e1cfb84
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch
@@ -0,0 +1,36 @@
+From 14fc89433d22f56fa3ec973d802e9316a268deab Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <[email protected]>
+Date: Wed, 23 Jun 2021 22:39:31 +0100
+Subject: [PATCH] Don't crash if s > size.
+
+CVE: CVE-2021-32815
+
+Upstream-Status: Backport 
[https://github.com/Exiv2/exiv2/pull/1739/commits/0c17eb33c0a7fad1796ce23b8bbc32067f511aed
+https://github.com/Exiv2/exiv2/pull/1739/commits/04466168b87dedff4ec09c09e9c23f2334ba1734
+https://github.com/Exiv2/exiv2/pull/1739/commits/c79d83f25fdd09218697d482211a61db87ce5333]
+
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ src/crwimage_int.cpp | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 2e3e507..0232867 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -1226,9 +1226,12 @@ namespace Exiv2 {
+         for (ExifData::const_iterator i = b; i != e; ++i) {
+             if (i->ifdId() != ifdId) continue;
+             const uint16_t s = i->tag()*2 + static_cast<uint16_t>(i->size());
+-            assert(s <= size);
+-            if (len < s) len = s;
+-            i->copy(buf.pData_ + i->tag()*2, byteOrder);
++            if (s <= size) {
++                if (len < s) len = s;
++                i->copy(buf.pData_ + i->tag()*2, byteOrder);
++            } else {
++                EXV_ERROR << "packIfdId out-of-bounds error: s = " << 
std::dec << s << "\n";
++            }
+         }
+         // Round the size to make it even.
+         buf.size_ = len + len%2;
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb 
b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 389d8da921..2807cb8948 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -15,6 +15,7 @@ SRC_URI = 
"https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
            file://CVE-2021-3482.patch \
            file://CVE-2021-29623.patch \
            file://CVE-2021-32617.patch \
+           file://CVE-2021-32815.patch \
            "
 SRC_URI[sha256sum] = 
"a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#121986): 
https://lists.openembedded.org/g/openembedded-devel/message/121986
Mute This Topic: https://lists.openembedded.org/mt/116428182/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][kirkstone][PATCH 08/10] exiv2: patch CVE-2021-32815

Reply via email to