2 files changed, 28 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
new file mode 100644
index 0000000000..e5d069487c
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
@@ -0,0 +1,26 @@
+From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
+From: Pydera <pydera@mailbox.org>
+Date: Thu, 8 Apr 2021 17:36:16 +0200
+Subject: [PATCH] Fix out of buffer access in #1529
+---
+ src/jp2image.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 88ab9b2d6..12025f966 100644
+--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
+@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
+ #endif
+                 box.length = (uint32_t) (io_->size() - io_->tell() + 8);
+             }
+-            if (box.length == 1)
+            if (box.length < 8)
+             {
+-                // FIXME. Special case. the real box size is given in another place.
+                // box is broken, so there is nothing we can do here
+                throw Error(kerCorruptedMetadata);
+             }
+ 
+             // Read whole box : Box header + Box data (not fixed size - can be null).
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index ed1e8de5c2..a13db42edd 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -9,7 +9,8 @@ SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994
 # Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
 inherit dos2unix
-SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch"
+SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \
+            file://CVE-2021-29457.patch"
 S = "${WORKDIR}/${BPN}-${PV}-Source"

diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch new file mode 100644 index 0000000000..e5d069487c --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
@@ -0,0 +1,26 @@
		1	From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
		2	From: Pydera <pydera@mailbox.org>
		3	Date: Thu, 8 Apr 2021 17:36:16 +0200
		4	Subject: [PATCH] Fix out of buffer access in #1529
		5
		6	---
		7	src/jp2image.cpp \| 5 +++--
		8	1 file changed, 3 insertions(+), 2 deletions(-)
		9
		10	diff --git a/src/jp2image.cpp b/src/jp2image.cpp
		11	index 88ab9b2d6..12025f966 100644
		12	--- a/src/jp2image.cpp
		13	+++ b/src/jp2image.cpp
		14	@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
		15	#endif
		16	box.length = (uint32_t) (io_->size() - io_->tell() + 8);
		17	}
		18	- if (box.length == 1)
		19	+ if (box.length < 8)
		20	{
		21	- // FIXME. Special case. the real box size is given in another place.
		22	+ // box is broken, so there is nothing we can do here
		23	+ throw Error(kerCorruptedMetadata);
		24	}
		25
		26	// Read whole box : Box header + Box data (not fixed size - can be null).


diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb index ed1e8de5c2..a13db42edd 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -9,7 +9,8 @@ SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994
9		9
10	# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either	10	# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
11	inherit dos2unix	11	inherit dos2unix
12	SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch"	12	SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \
		13	file://CVE-2021-29457.patch"
13		14
14	S = "${WORKDIR}/${BPN}-${PV}-Source"	15	S = "${WORKDIR}/${BPN}-${PV}-Source"
15		16