diff mbox series

[meta-oe,kirkstone,08/10] exiv2: patch CVE-2021-32815

Message ID 20251122193128.1703871-8-skandigraun@gmail.com
State New
Headers show
Series [meta-webserver,kirkstone,01/10] monkey: Update status for CVE-2013-2183 | expand

Commit Message

Gyorgy Sarvari Nov. 22, 2025, 7:31 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32815

Pick the patch from the PR mentioned in he nvd report.

This patch is a combination of 3 commits, which are so
small, that it is still very readable in this form also.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../exiv2/exiv2/CVE-2021-32815.patch          | 36 +++++++++++++++++++
 meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch
new file mode 100644
index 0000000000..238e1cfb84
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch
@@ -0,0 +1,36 @@ 
+From 14fc89433d22f56fa3ec973d802e9316a268deab Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Wed, 23 Jun 2021 22:39:31 +0100
+Subject: [PATCH] Don't crash if s > size.
+
+CVE: CVE-2021-32815
+
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/1739/commits/0c17eb33c0a7fad1796ce23b8bbc32067f511aed
+https://github.com/Exiv2/exiv2/pull/1739/commits/04466168b87dedff4ec09c09e9c23f2334ba1734
+https://github.com/Exiv2/exiv2/pull/1739/commits/c79d83f25fdd09218697d482211a61db87ce5333]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/crwimage_int.cpp | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 2e3e507..0232867 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -1226,9 +1226,12 @@ namespace Exiv2 {
+         for (ExifData::const_iterator i = b; i != e; ++i) {
+             if (i->ifdId() != ifdId) continue;
+             const uint16_t s = i->tag()*2 + static_cast<uint16_t>(i->size());
+-            assert(s <= size);
+-            if (len < s) len = s;
+-            i->copy(buf.pData_ + i->tag()*2, byteOrder);
++            if (s <= size) {
++                if (len < s) len = s;
++                i->copy(buf.pData_ + i->tag()*2, byteOrder);
++            } else {
++                EXV_ERROR << "packIfdId out-of-bounds error: s = " << std::dec << s << "\n";
++            }
+         }
+         // Round the size to make it even.
+         buf.size_ = len + len%2;
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 389d8da921..2807cb8948 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -15,6 +15,7 @@  SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
            file://CVE-2021-3482.patch \
            file://CVE-2021-29623.patch \
            file://CVE-2021-32617.patch \
+           file://CVE-2021-32815.patch \
            "
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"