1946314 – (CVE-2021-3482) CVE-2021-3482 exiv2: Heap-based buffer overflow in Jp2Image::readMetadata()

Bug 1946314 (CVE-2021-3482) - CVE-2021-3482 exiv2: Heap-based buffer overflow in Jp2Image::readMetadata()

Summary: CVE-2021-3482 exiv2: Heap-based buffer overflow in Jp2Image::readMetadata()

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-3482
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1946315 1947160 1947161
Blocks:	1946317 1946319
TreeView+	depends on / blocked

Reported:	2021-04-05 19:27 UTC by Guilherme de Almeida Suckevicz
Modified:	2022-04-17 21:16 UTC (History)
CC List:	3 users (show)
Fixed In Version:	exiv2 0.27.4RC2
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Exiv2. Improper input validation of the rawData.size property in the Jp2Image::readMetadata() function in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. The highest threat from this vulnerability is to confidentiality and system availability.
Clone Of:
Environment:
Last Closed:	2021-11-09 21:54:19 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:4173	0	None	None	None	2021-11-09 17:34:07 UTC

Description Guilherme de Almeida Suckevicz 2021-04-05 19:27:44 UTC

A flaw was found in Exiv2. An improper check of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow.

Reference:
https://github.com/Exiv2/exiv2/issues/1522

Comment 1 Guilherme de Almeida Suckevicz 2021-04-05 19:28:00 UTC

Created exiv2 tracking bugs for this issue:

Affects: fedora-all [bug 1946315]

Comment 2 Guilherme de Almeida Suckevicz 2021-04-06 18:24:50 UTC

Acknowledgments:

Name: yuawn (NSLab NTU Taiwan)

Comment 5 Marco Benatto 2021-04-07 19:59:33 UTC

Upstream commit for this issue:

https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da

Comment 6 Marco Benatto 2021-04-07 20:10:24 UTC

There's an issue on Exiv2 while parsing exif information from an image. The vulnerability can be leverage by an attacker by crafting a jpg image containing malicious EXIF data. The bug exists in Exiv2::Jp2Image::readMetadata() due to a lack of proper input validation and may cause out of bounds read for the heap allocated rawData pointer. This can lead to a small leak from heap data by a few bytes, configuring a low impact confidentiality issue or, eventually, for a crash causing availability impact to the program using the library.

Comment 7 errata-xmlrpc 2021-11-09 17:34:05 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4173 https://access.redhat.com/errata/RHSA-2021:4173

Comment 8 Product Security DevOps Team 2021-11-09 21:54:17 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3482

Note You need to log in before you can comment on or make changes to this bug.