Bug 1946314 (CVE-2021-3482) - CVE-2021-3482 exiv2: heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp
Summary: CVE-2021-3482 exiv2: heap-based buffer overflow in Jp2Image::readMetadata() i...
Keywords:
Status: NEW
Alias: CVE-2021-3482
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1947160 1947161 1946315
Blocks: 1946317 1946319
TreeView+ depends on / blocked
 
Reported: 2021-04-05 19:27 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-04-08 18:54 UTC (History)
3 users (show)

Fixed In Version: exiv2 0.27.4RC2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-04-05 19:27:44 UTC
A flaw was found in Exiv2. An improper check of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow.

Reference:
https://github.com/Exiv2/exiv2/issues/1522

Comment 1 Guilherme de Almeida Suckevicz 2021-04-05 19:28:00 UTC
Created exiv2 tracking bugs for this issue:

Affects: fedora-all [bug 1946315]

Comment 2 Guilherme de Almeida Suckevicz 2021-04-06 18:24:50 UTC
Acknowledgments:

Name: yuawn (NSLab NTU Taiwan)

Comment 5 Marco Benatto 2021-04-07 19:59:33 UTC
Upstream commit for this issue:

https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da

Comment 6 Marco Benatto 2021-04-07 20:10:24 UTC
There's an issue on Exiv2 while parsing exif information from an image. The vulnerability can be leverage by an attacker by crafting a jpg image containing malicious EXIF data. The bug exists in Exiv2::Jp2Image::readMetadata() due to a lack of proper input validation and may cause out of bounds read for the heap allocated rawData pointer. This can lead to a small leak from heap data by a few bytes, configuring a low impact confidentiality issue or, eventually, for a crash causing availability impact to the program using the library.


Note You need to log in before you can comment on or make changes to this bug.