Bug 1186231 (CVE-2021-29473)

Summary: VUL-1: CVE-2021-29473: exiv2: out-of-bounds read in Exiv2:Jp2Image:doWriteMetadata
Product: [Novell Products] SUSE Security Incidents Reporter: Robert Frohl <rfrohl>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/282906/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-29473:4.7:(AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Robert Frohl 2021-05-19 07:17:59 UTC 
rh#1954065

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security.

Reference:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2

Upstream patch:
https://github.com/Exiv2/exiv2/pull/1587

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1954065
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29473
https://github.com/Exiv2/exiv2/security/policy
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
https://github.com/github/advisory-review/pull/1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWZLDECIXXW3CCZ3RS4A3NG5X5VE4WZM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBKWLTXM7IKZ4PVGKLUQVAVFAYGGF7QR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/
Comment 1 Robert Frohl 2022-04-11 09:32:55 UTC 
tracking as affected:

- SUSE:SLE-12:Update/exiv2
- SUSE:SLE-15:Update/exiv2
Comment 2 Dirk Mueller 2022-11-14 16:03:04 UTC 
submitted for SLE12, SLE15 and SLE15-SP4
Comment 4 Swamp Workflow Management 2022-11-23 20:27:13 UTC 
SUSE-SU-2022:4208-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1050257,1095070,1110282,1119559,1119560,1119562,1142677,1142678,1153577,1186231,1189337
CVE References: CVE-2017-11591,CVE-2018-11531,CVE-2018-17581,CVE-2018-20097,CVE-2018-20098,CVE-2018-20099,CVE-2019-13109,CVE-2019-13110,CVE-2019-17402,CVE-2021-29473,CVE-2021-32815
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    exiv2-0_26-0.26-150400.9.21.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src):    exiv2-0_26-0.26-150400.9.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2022-11-28 14:38:03 UTC 
SUSE-SU-2022:4252-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1119562,1142681,1185002,1186231,1188733,1189332,1189337,1189338
CVE References: CVE-2018-20097,CVE-2019-13112,CVE-2021-29457,CVE-2021-29473,CVE-2021-31291,CVE-2021-32815,CVE-2021-34334,CVE-2021-37620
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    exiv2-0.23-12.18.1
SUSE OpenStack Cloud 9 (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Server 12-SP5 (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    exiv2-0.23-12.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2022-11-29 17:41:27 UTC 
SUSE-SU-2022:4276-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1050257,1095070,1110282,1119559,1119560,1119562,1142677,1142678,1153577,1186231,1189337
CVE References: CVE-2017-11591,CVE-2018-11531,CVE-2018-17581,CVE-2018-20097,CVE-2018-20098,CVE-2018-20099,CVE-2019-13109,CVE-2019-13110,CVE-2019-17402,CVE-2021-29473,CVE-2021-32815
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    exiv2-0.26-150000.6.26.1
SUSE Manager Server 4.1 (src):    exiv2-0.26-150000.6.26.1
SUSE Manager Retail Branch Server 4.1 (src):    exiv2-0.26-150000.6.26.1
SUSE Manager Proxy 4.1 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server for SAP 15 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    exiv2-0.26-150000.6.26.1
SUSE Enterprise Storage 7 (src):    exiv2-0.26-150000.6.26.1
SUSE Enterprise Storage 6 (src):    exiv2-0.26-150000.6.26.1
SUSE CaaS Platform 4.0 (src):    exiv2-0.26-150000.6.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.