In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Upstream Issue: https://github.com/Exiv2/exiv2/issues/1011
Upstream Fix: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8

Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1800473]
The flaw seems to have been introduced in exiv2 upstream version v0.27.2 after commit https://github.com/Exiv2/exiv2/commit/edb4bf78ca5820f2c7a852c8f2df11e6aba45704. This commit added a new check in function MemIo::seek() in basicio.cpp which made it possible to return without setting variable p_->idx_, thus causing the infinite loop in the calling function Jp2Image::readMetadata() in jp2image.cpp.
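The failure mode described in the comment above, reduced to a small C++ model: a seek that returns early without moving the read index, and a caller that ignores the return value, next to the same caller with the check in place. This is an added example, not Exiv2 source; MemReader, walkBoxes, the 4-byte length prefix, the rewind-then-skip loop and the sample inputs are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Simplified model, not Exiv2 source. seek() rejects an out-of-range target
// and returns early, leaving idx where it was.
struct MemReader {
    std::vector<uint8_t> buf;
    std::size_t idx = 0;
    int seek(std::size_t pos) {                 // 0 = ok, 1 = failed
        if (pos > buf.size()) return 1;         // early return: idx not updated
        idx = pos;
        return 0;
    }
    bool readLen(uint32_t& len) {               // 4-byte big-endian box length
        if (buf.size() - idx < 4) return false;
        len = 0;
        for (int i = 0; i < 4; ++i) len = (len << 8) | buf[idx++];
        return true;
    }
};

enum Result { kParsed, kCorrupt, kNoProgress };

// Walks length-prefixed boxes. With checkSeek == false the seek result is
// ignored, which is the failure mode described above. maxIter exists only so
// this demonstration terminates instead of hanging.
Result walkBoxes(MemReader& r, bool checkSeek, int maxIter = 1000) {
    uint32_t len = 0;
    for (int i = 0; i < maxIter; ++i) {
        std::size_t start = r.idx;              // where this box begins
        if (!r.readLen(len)) return kParsed;    // clean end of input
        if (len == 0) return kParsed;           // zero length: treat as last box
        r.seek(start);                          // rewind to the box start
        int rc = r.seek(start + len);           // skip the whole box
        if (checkSeek && rc != 0) return kCorrupt;  // hardened: stop on failure
    }
    return kNoProgress;                         // same box re-read on every pass
}

// Constructed inputs: one well-formed 8-byte box, and one box whose declared
// length (0x7fffffff) points far past the end of the buffer.
std::vector<uint8_t> goodFile() { return {0, 0, 0, 8, 'j', 'p', '2', 'h'}; }
std::vector<uint8_t> craftedFile() { return {0x7f, 0xff, 0xff, 0xff, 'j', 'p', '2', 'h'}; }
```

With the oversized length, the unchecked loop leaves the index at the start of the same box on every pass, so only the iteration cap ends it; the checked variant rejects the input on the first failed seek.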
Statement: This flaw did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code, which was introduced in a later version of the library.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-20421
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8
Via RHSA-2020:1577 https://access.redhat.com/errata/RHSA-2020:1577