Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37618
Pick the patch from the PR that is referenced by the NVD advisory. Note that the regression test was not backported because it contains a binary patch that I couldn't apply with any of the patch tools in the do_patch step. Before submission, however, I applied the patches and ran all the tests successfully.

Signed-off-by: Gyorgy Sarvari <[email protected]>
--- .../exiv2/exiv2/CVE-2021-37618.patch | 32 +++++++++++++++++++ meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37618.patch diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37618.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37618.patch new file mode 100644 index 0000000000..8799876232 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37618.patch 
@@ -0,0 +1,32 @@ +From 37e0d4dac7c8b1a9e01448c359bf013ead53904a Mon Sep 17 00:00:00 2001 +From: Kevin Backhouse <[email protected]> +Date: Mon, 5 Jul 2021 10:40:03 +0100 +Subject: [PATCH] Better bounds checking in Jp2Image::printStructure + +CVE: CVE-2021-37618 +Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/0fcdde80997913dde284ea98f06f9305d06cb160] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/jp2image.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/jp2image.cpp b/src/jp2image.cpp +index e14919c..2da69f1 100644 +--- a/src/jp2image.cpp ++++ b/src/jp2image.cpp +@@ -538,6 +538,7 @@ static void boxes_check(size_t b,size_t m) + + if (subBox.type == kJp2BoxTypeColorHeader) { + long pad = 3; // don't know why there are 3 padding bytes ++ enforce(data.size_ >= pad, kerCorruptedMetadata); + if (bPrint) { + out << " | pad:"; + for (int i = 0; i < 3; i++) +@@ -547,6 +548,7 @@ static void boxes_check(size_t b,size_t m) + if (bPrint) { + out << " | iccLength:" << iccLength; + } ++ enforce(iccLength <= data.size_ - pad, kerCorruptedMetadata); + if (bICC) { + out.write((const char*)data.pData_ + pad, iccLength); + } diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb index 83110b1e0e..3d41bc93b2 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb @@ -24,6 +24,7 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source file://CVE-2021-34335-2.patch \ file://CVE-2021-37615-1.patch \ file://CVE-2021-37615-2.patch \ + file://CVE-2021-37618.patch \ " SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
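Review bot: In the first src/jp2image.cpp hunk, enforce(data.size_ >= pad, kerCorruptedMetadata) guarantees only the 3 padding bytes. The second hunk prints iccLength a few lines later, and the lines that read it fall between the two hunks and are not shown; if it is read as a multi-byte value at data.pData_ + pad, that read needs the buffer to extend past pad by the width of the field, which this check does not cover. Please confirm against the 0.27.3 source that the read is bounded elsewhere, or note in the patch header that the backport follows upstream as-is on this point.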
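Review bot: In the second src/jp2image.cpp hunk, enforce(iccLength <= data.size_ - pad, kerCorruptedMetadata) depends on the signedness of iccLength, whose declaration is not visible here. The subtraction cannot go below zero thanks to the earlier pad check, but pad is declared long, so if iccLength is also a signed type a negative value would satisfy the comparison and still reach out.write((const char*)data.pData_ + pad, iccLength). Worth checking the type in the 0.27.3 tree this recipe builds, since the backport target may differ from the branch the upstream commit was written against.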
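Review bot: The header of the new CVE-2021-37618.patch file says only "Upstream-Status: Backport [...]", while the commit message explains that the regression test was dropped because its binary hunk would not apply in do_patch. That explanation is lost once the commit message is out of view; suggest recording it in the patch header itself (for example a short line under Upstream-Status stating that the test was omitted) so that anyone auditing or rebasing the recipe's patch list can see the backport is partial.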
