new file mode 100644
@@ -0,0 +1,25 @@
+From f6da4a573f9f4c0821ac726fcbfc7fc09212327b Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Sat, 17 Jul 2021 12:38:31 +0100
+Subject: [PATCH] Make sure that read is complete to prevent infinite loop.
+
+CVE: CVE-2021-37622
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/ffe5eb517dad93845e62144d8e53f52b17420ecd]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/jpgimage.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/jpgimage.cpp b/src/jpgimage.cpp
+index b9e724c..bb34044 100644
+--- a/src/jpgimage.cpp
++++ b/src/jpgimage.cpp
+@@ -644,7 +644,7 @@ namespace Exiv2 {
+ // Read size and signature
+ std::memset(buf.pData_, 0x0, buf.size_);
+ bufRead = io_->read(buf.pData_, bufMinSize);
+- if (io_->error())
++ if (io_->error() || bufRead != bufMinSize)
+ throw Error(kerFailedToReadImageData);
+ if (bufRead < 2)
+ throw Error(kerNotAJpeg);
new file mode 100644
@@ -0,0 +1,25 @@
+From 8390f32b88b2c779c328ca09d9f437202fca2782 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Sun, 25 Jul 2021 19:03:50 +0100
+Subject: [PATCH] Remove redundant check.
+
+CVE: CVE-2021-37622
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/19026fab2bc2b6dee2150f38153feb65a41cea17]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/jpgimage.cpp | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/jpgimage.cpp b/src/jpgimage.cpp
+index bb34044..d549355 100644
+--- a/src/jpgimage.cpp
++++ b/src/jpgimage.cpp
+@@ -646,8 +646,6 @@ namespace Exiv2 {
+ bufRead = io_->read(buf.pData_, bufMinSize);
+ if (io_->error() || bufRead != bufMinSize)
+ throw Error(kerFailedToReadImageData);
+- if (bufRead < 2)
+- throw Error(kerNotAJpeg);
+ const uint16_t size = mHasLength[marker] ? getUShort(buf.pData_, bigEndian) : 0;
+ if (bPrint && mHasLength[marker])
+ out << Internal::stringFormat(" | %7d ", size);
@@ -30,6 +30,8 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
file://CVE-2021-37620-2.patch \
file://CVE-2021-37621-1.patch \
file://CVE-2021-37621-2.patch \
+ file://CVE-2021-37622-1.patch \
+ file://CVE-2021-37622-2.patch \
"
SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37622 Pick the patch from the PR referenced by the NVD advisory. Note that the regression test is not part of this patch, as no patchtool could apply it in do_patch task. The test patch was however manually applied during preparing this patch, and all tests were executed successfully. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../exiv2/exiv2/CVE-2021-37622-1.patch | 25 +++++++++++++++++++ .../exiv2/exiv2/CVE-2021-37622-2.patch | 25 +++++++++++++++++++ meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 2 ++ 3 files changed, 52 insertions(+) create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-1.patch create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-2.patch