exiv2: patch CVE-2021-37622

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37622 Pick the patch from the PR referenced by the NVD advisory. Note that the regression test is not part of this patch, as no patchtool could apply it in do_patch task. The test patch was however manually applied during preparing this patch, and all tests were executed successfully. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-02 02:49:12 +00:00 · 2026-03-01 15:09:08 +01:00 · 2026-03-01 15:09:08 +01:00 · 6d3829a569
commit 6d3829a569
parent 08fe7e8f61
3 changed files with 52 additions and 0 deletions
--- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-1.patch
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-1.patch
@ -0,0 +1,25 @@
+From f6da4a573f9f4c0821ac726fcbfc7fc09212327b Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Sat, 17 Jul 2021 12:38:31 +0100
+Subject: [PATCH] Make sure that read is complete to prevent infinite loop.
+
+CVE: CVE-2021-37622
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/ffe5eb517dad93845e62144d8e53f52b17420ecd]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/jpgimage.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/jpgimage.cpp b/src/jpgimage.cpp
+index b9e724c..bb34044 100644
+--- a/src/jpgimage.cpp
+++ b/src/jpgimage.cpp
+@@ -644,7 +644,7 @@ namespace Exiv2 {
+                 // Read size and signature
+                 std::memset(buf.pData_, 0x0, buf.size_);
+                 bufRead = io_->read(buf.pData_, bufMinSize);
+-                if (io_->error())
+                if (io_->error() || bufRead != bufMinSize)
+                     throw Error(kerFailedToReadImageData);
+                 if (bufRead < 2)
+                     throw Error(kerNotAJpeg);
--- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-2.patch
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37622-2.patch
@ -0,0 +1,25 @@
+From 8390f32b88b2c779c328ca09d9f437202fca2782 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Sun, 25 Jul 2021 19:03:50 +0100
+Subject: [PATCH] Remove redundant check.
+
+CVE: CVE-2021-37622
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/19026fab2bc2b6dee2150f38153feb65a41cea17]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/jpgimage.cpp | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/jpgimage.cpp b/src/jpgimage.cpp
+index bb34044..d549355 100644
+--- a/src/jpgimage.cpp
+++ b/src/jpgimage.cpp
+@@ -646,8 +646,6 @@ namespace Exiv2 {
+                 bufRead = io_->read(buf.pData_, bufMinSize);
+                 if (io_->error() || bufRead != bufMinSize)
+                     throw Error(kerFailedToReadImageData);
+-                if (bufRead < 2)
+-                    throw Error(kerNotAJpeg);
+                 const uint16_t size = mHasLength[marker] ? getUShort(buf.pData_, bigEndian) : 0;
+                 if (bPrint && mHasLength[marker])
+                     out << Internal::stringFormat(" | %7d ", size);
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@ -30,6 +30,8 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
           file://CVE-2021-37620-2.patch \
           file://CVE-2021-37621-1.patch \
           file://CVE-2021-37621-2.patch \
+           file://CVE-2021-37622-1.patch \
+           file://CVE-2021-37622-2.patch \
           "
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"