A flaw was found in Exiv2. An improper check of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow. Reference: https://github.com/Exiv2/exiv2/issues/1522
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1946315]
Acknowledgments: Name: yuawn (NSLab NTU Taiwan)
Upstream commit for this issue: https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da
There's an issue on Exiv2 while parsing exif information from an image. The vulnerability can be leverage by an attacker by crafting a jpg image containing malicious EXIF data. The bug exists in Exiv2::Jp2Image::readMetadata() due to a lack of proper input validation and may cause out of bounds read for the heap allocated rawData pointer. This can lead to a small leak from heap data by a few bytes, configuring a low impact confidentiality issue or, eventually, for a crash causing availability impact to the program using the library.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4173 https://access.redhat.com/errata/RHSA-2021:4173
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3482