Bug 1186231 – VUL-1: CVE-2021-29473: exiv2: out-of-bounds read in Exiv2:Jp2Image:doWriteMetadata

Bug 1186231 - (CVE-2021-29473) VUL-1: CVE-2021-29473: exiv2: out-of-bounds read in Exiv2:Jp2Image:doWriteMetadata

(CVE-2021-29473)
Summary:	VUL-1: CVE-2021-29473: exiv2: out-of-bounds read in Exiv2:Jp2Image:doWriteMet...

Status:	NEW

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/282906/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-29473:4.7:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-05-19 07:17 UTC by Robert Frohl
Modified:	2022-11-29 17:41 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2021-05-19 07:17:59 UTC

rh#1954065

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security.

Reference:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2

Upstream patch:
https://github.com/Exiv2/exiv2/pull/1587

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1954065
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29473
https://github.com/Exiv2/exiv2/security/policy
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
https://github.com/github/advisory-review/pull/1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWZLDECIXXW3CCZ3RS4A3NG5X5VE4WZM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBKWLTXM7IKZ4PVGKLUQVAVFAYGGF7QR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/

Comment 1 Robert Frohl 2022-04-11 09:32:55 UTC

tracking as affected:

- SUSE:SLE-12:Update/exiv2
- SUSE:SLE-15:Update/exiv2

Comment 2 Dirk Mueller 2022-11-14 16:03:04 UTC

submitted for SLE12, SLE15 and SLE15-SP4

Comment 4 Swamp Workflow Management 2022-11-23 20:27:13 UTC

SUSE-SU-2022:4208-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1050257,1095070,1110282,1119559,1119560,1119562,1142677,1142678,1153577,1186231,1189337
CVE References: CVE-2017-11591,CVE-2018-11531,CVE-2018-17581,CVE-2018-20097,CVE-2018-20098,CVE-2018-20099,CVE-2019-13109,CVE-2019-13110,CVE-2019-17402,CVE-2021-29473,CVE-2021-32815
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    exiv2-0_26-0.26-150400.9.21.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src):    exiv2-0_26-0.26-150400.9.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 5 Swamp Workflow Management 2022-11-28 14:38:03 UTC

SUSE-SU-2022:4252-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1119562,1142681,1185002,1186231,1188733,1189332,1189337,1189338
CVE References: CVE-2018-20097,CVE-2019-13112,CVE-2021-29457,CVE-2021-29473,CVE-2021-31291,CVE-2021-32815,CVE-2021-34334,CVE-2021-37620
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    exiv2-0.23-12.18.1
SUSE OpenStack Cloud 9 (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Server 12-SP5 (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    exiv2-0.23-12.18.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    exiv2-0.23-12.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 6 Swamp Workflow Management 2022-11-29 17:41:27 UTC

SUSE-SU-2022:4276-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1050257,1095070,1110282,1119559,1119560,1119562,1142677,1142678,1153577,1186231,1189337
CVE References: CVE-2017-11591,CVE-2018-11531,CVE-2018-17581,CVE-2018-20097,CVE-2018-20098,CVE-2018-20099,CVE-2019-13109,CVE-2019-13110,CVE-2019-17402,CVE-2021-29473,CVE-2021-32815
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    exiv2-0.26-150000.6.26.1
SUSE Manager Server 4.1 (src):    exiv2-0.26-150000.6.26.1
SUSE Manager Retail Branch Server 4.1 (src):    exiv2-0.26-150000.6.26.1
SUSE Manager Proxy 4.1 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server for SAP 15 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    exiv2-0.26-150000.6.26.1
SUSE Enterprise Storage 7 (src):    exiv2-0.26-150000.6.26.1
SUSE Enterprise Storage 6 (src):    exiv2-0.26-150000.6.26.1
SUSE CaaS Platform 4.0 (src):    exiv2-0.26-150000.6.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.