A flaw was found in Exiv2. An improper check of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow.
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1946315]
Name: yuawn (NSLab NTU Taiwan)
Upstream commit for this issue:
There's an issue on Exiv2 while parsing exif information from an image. The vulnerability can be leverage by an attacker by crafting a jpg image containing malicious EXIF data. The bug exists in Exiv2::Jp2Image::readMetadata() due to a lack of proper input validation and may cause out of bounds read for the heap allocated rawData pointer. This can lead to a small leak from heap data by a few bytes, configuring a low impact confidentiality issue or, eventually, for a crash causing availability impact to the program using the library.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4173 https://access.redhat.com/errata/RHSA-2021:4173
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):