aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
AgeCommit message (Collapse)Author
2021-05-22exiv2: Fix CVE-2021-29473wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1587/commits/e6a0982f7cd9282052b6e3485a458d60629ffa0b] CVE: CVE-2021-29473 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a9aecd2c32fc8f238f62ef70813e032b6b52c2f2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22exiv2: Fix CVE-2021-29470wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1581/commits/6628a69c036df2aa036290e6cd71767c159c79ed] CVE: CVE-2021-29470 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bb1400efda77a7289ca20782172bfbe1f457f161) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22exiv2: Fix CVE-2021-29464wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464 The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54] CVE: CVE-2021-29464 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8c9470bdfaa1d33347ffaf25b3e18d2163667e18) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22exiv2: Fix CVE-2021-3482wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482 Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da] CVE: CVE-2021-3482 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9e7c2c9713dc2824af2a33b0a3feb4f29e7f0269) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22exiv2: Fix CVE-2021-29463wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b] CVE: CVE-2021-29463 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8e63ac6c86852a12408c2415be073c71420758ff) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22exiv2: Fix CVE-2021-29458wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1536/commits/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d] CVE: CVE-2021-29458 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f0d83c14d9064ce1ee19b92d95c8daf790fe7488) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-22exiv2: Fix CVE-2021-29457wangmy
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457 The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/0230620e6ea5e2da0911318e07ce6e66d1ebdf22] CVE: CVE-2021-29457 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5be72693096cef671bf54bf1dd6ee8125614d064) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-23exiv2: upgrade 0.27.1 -> 0.27.3Andreas Müller
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6443044ca9ec90d6740c42e618830ca52d656f5f) Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-09-22 06:51:38 +0000