heap-buffer-overflow Read in Exiv2::Internal::CrwMap::encode #1530
Comments
|
What is your plan here? This is the third similar CVE in three days. Exiv2 v0.27.4 is scheduled to ship on 2021-05-22. Are you planning to continuously bombard us with CVEs for weeks and months? Is it possible to have a Zoom meeting to discuss your intention and how we can cooperate? |
|
@clanmills Thanks for your hard work to make exiv2 better. I indeed have several other exiv2 security bugs, but I don't submit all the bugs at the same time, I can't agree with the strong word bombard. Security testing for exiv2 also takes a lot of time, if you guys don't like to see these kinds of bugs, feel free to them, I will never submit them again. I don't know if there is a deadline for the exiv2 release schedule, sorry for the inconvenience. |
|
Thank You @henices for the courtesy of your reply. And thank you for opening issues on GitHub about these matters. That's very helpful. The sooner Team Exiv2 knows about these matters, the sooner they can be fixed. Team Exiv2 agrees that knowing about those issues and fixing them is better than having them in the code and unknown to us. The Exiv2 development plan is to create a new branch called 'main' and to release Exiv2 v1.00 from that branch on 2021-12-15. We would like to ask you to focus your attention on 'main'. We will fix the issues you have opened on 0.27-maintenance and ship that as v0.27.4 on/before 2021-05-22. If we ever make another release from the 0.27-maintenance branch, we will back-port security fixes from 'main'. I appreciate the effort that you and your co-workers are putting into the important matter of security. I apologise for saying 'bombardment'. My hope this week was to finish my 13 years of working on Exiv2. I was distressed to see those CVEs arrive on the day on which I intended to retire! |
|
I am unable to reproduce this. I tested it on Ubuntu 20.04, using the latest version of 0-27-maintenance (commit 05ec05342e17dc94670db1818447c06d0da8f41a). These are the exact steps that I tried: I do not see any ASAN failures. |
|
Oh, I see. I missed the |
|
@kevinbackhouse I also missed that on #1529 (comment)
I reproduced #1529 as follows:
.../foo $ ls -l
total 88
-rw-r--r--@ 1 rmills staff 40609 8 Apr 08:01 tests_83a94b3337206caa6803f625eb63db061395cf14
-rw-r--r--@ 1 rmills staff 9 8 Apr 08:09 tests_83a94b3337206caa6803f625eb63db061395cf14.exv
.../foo $ exiv2 in tests_83a94b3337206caa6803f625eb63db061395cf14
=================================================================
==52084==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000001b7 at pc 0x00010525f7f4 bp 0x7ffeeab2ed10 sp 0x7ffeeab2ed08
WRITE of size 8 at 0x6020000001b7 thread T0
#0 0x10525f7f3 in Exiv2::Jp2Image::doWriteMetadata(Exiv2::BasicIo&)+0x2143 (libexiv2.0.27.4.2.dylib:x86_64+0xf27f3)
I believe similar medicine is needed for this issue. The 'in' command is 'insert'. It reads metadata from tests_xxxxx.exv and updates tests_xxxxx. |
|
@clanmills: when I have fuzzed exiv2 in the past, I did not try any of these extra command line options. So my testing probably didn't hit any of these "encode" methods. So it seems quite plausible that there are several more of these bugs lurking there. From a security perspective, these command line arguments seem much less interesting to me than vanilla exiv2. I can imagine somebody downloading an untrusted image off the internet and using exiv2 to look at its metadata. I have a much harder time imagining somebody downloading a pair of untrusted files like this and running |
|
I would still suggest to change the type of 'size' from uint32_t to size_t. |
|
As always, Kevin, you are saying smart things. I also missed the unusual/obscure 'in' command. You will be aware that I was in a state of distress yesterday about those CVEs. However, I've had a nice conversation with @henices. The security folks in China are on our side. Their work will make Exiv2 stronger. My brain isn't up to thinking about the merits of size_t and uint32_t. I believe the CRW format is 32 bit, so either will work. I would change the one that minimises casts. |
|
@pydera: I think |
|
@kevinbackhouse as far as I can see DataBuf.size() returns 'long' (int64_t on LP64). I did not look deeper into this, but was afraid that it might be possible to handcraft files where a size of >uint32_t-max could be returned and then overflow the uint32_t size. |
|
@pydera: Yes, I agree that |
|
@kevinbackhouse Agreed. My point of view was "just looking at THIS function" without deeper research on CiffComponent, I saw that DataBuf::size() could potentially overflow 'size'. Not looking at CiffComponent I concluded that changing 'size' to size_t would always be a safe choice while uint32_t needs further investigation. |
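The width concern raised in the comments above (a buffer size reported as `long`, 64-bit on LP64, stored in a `uint32_t`), shown as an added example that is not part of the thread and not Exiv2 code. All function names are hypothetical, and `int64_t` stands in for `long` on LP64.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <stdexcept>

// Hypothetical helpers, not Exiv2 functions. They model a buffer size that
// is reported as a signed 64-bit value and then kept in a 32-bit variable.

// Unchecked narrowing: the upper 32 bits are silently discarded.
uint32_t uncheckedSize32(int64_t reported) {
    return static_cast<uint32_t>(reported);
}

// Checked narrowing: refuse any value a 32-bit length cannot represent,
// so later bounds checks never work from a wrapped number.
uint32_t checkedSize32(int64_t reported) {
    if (reported < 0)
        throw std::out_of_range("negative buffer size");
    if (reported > static_cast<int64_t>(std::numeric_limits<uint32_t>::max()))
        throw std::out_of_range("buffer size does not fit in 32 bits");
    return static_cast<uint32_t>(reported);
}

// True when code trusting the narrowed value would see a different length
// than the buffer really has.
bool narrowingLosesData(int64_t reported) {
    return static_cast<int64_t>(uncheckedSize32(reported)) != reported;
}

// True when checkedSize32() rejects the value.
bool rejects(int64_t reported) {
    try {
        checkedSize32(reported);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    // Constructed sample sizes: an ordinary size, the 32-bit maximum,
    // a value just past 4 GiB, and a negative value.
    const int64_t samples[] = {40609, 4294967295LL, 0x100000008LL, -1};
    for (int64_t s : samples) {
        std::cout << s << ": unchecked=" << uncheckedSize32(s)
                  << " loses_data=" << narrowingLosesData(s)
                  << " rejected=" << rejects(s) << "\n";
    }
    return 0;
}
```
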
there is another way to exploit these bugs, a single image file is enough. |
(cherry picked from commit c92ac88) # Conflicts: # tests/bugfixes/github/test_issue_1530.py
…27.4
Alejandro Criado-Pérez (1):
Added ES translations
Alex Esseling (2):
add_cr3_tags
fixing exceptions and reordering tags
Christoph Hasse (10):
Implement handling of new Nikon LensData version 8.0 and 8.01
try and fix ci-build
try and fix ci-build 2/N
try and fix ci-build 3/N
add shutter mode and mechanical shutter count to nikon makernote 3
include test of shutter mode and mech shutter count in lensdata 8 test
use EXV_PRINT_TAG macro instead of specific print function
fix formatting
introduce parseTiff method to parse exif
run clang-format on new files
Freddie Witherden (2):
Add support for Sony lens aberration correction parameters.
Add support for Fuji's CropMode tag.
Ingo Weyrich (1):
Use a.rfind(b, 0) == 0 instead of a.find(b) == 0 to reduce processing time when checking that a starts wit b, #1459
Jan Tojnar (2):
cmake: Fix paths with absolute GNUInstallDirs
cmake: Fix include_directories for exiv2lib target
Kevin Backhouse (26):
Fix incorrect delete.
Regression test for Exiv2/exiv2#1530
Fix integer overflow.
Fix test name
Use $kerCorruptedMetadata, rather than hard-coded string.
Regression test for GHSA-5p8g-9xf3-gfrr
Improve bound checking in WebPImage::doWriteMetadata()
Regression test for GHSA-jgm9-5fw5-pw9p
Better bounds checking in Jp2Image::encodeJp2Header()
Fix signed/unsigned compiler warnings.
Regression test for GHSA-8949-hhfh-j7rj
Add more bounds checks in Jp2Image::encodeJp2Header
Regression test for GHSA-7569-phvm-vwc2
Add bounds check in Jp2Image::doWriteMetadata().
Fix infinite loop caused by subBox with zero size.
Prevent large allocation.
Initialize field.
Use readOrThrow to check error conditions of iIo.read().
Fix quadratic complexity performance bug.
Regression test for Exiv2/exiv2#1570.
Fix out-of-bounds read in bmffimage.cpp
Stop the test from failing when EXIV2_ENABLE_BMFF=Off.
Fix signed/unsigned compiler warning.
Fix signed/unsigned compiler warning.
Fix LGTM warning about format specifier
Check that the string is properly terminated.
Lemures Lemniscati (1):
samples/xmpprint.cpp: Fix typos
LeoHsiao (76):
Converted two bash test scripts into Python scripts as an example
Correct ioTest's execution directory
Rename unit_test and import it in system_tests.py
Update the documentation for the test cases
Let bash_test read the configuration parameters from suite.conf
Rename bash_test to bash_tests
Wrap shell commands in single quotes
Rename tests/README.md
Rename the variable `output` to `out`
Add default parameter value to the function 'runTest'
Define a class 'Log' to merge logs into Python exception message
Rewrite testcase 'addmoddel'
Add methods setUp() and tearDown()
Add some functions to replace shell commands: cp, rm, cat, grep, save, diff
Rewrite testcase 'conversions'
Rewrite testcase 'crw-test'
Clear the log buffer after test
Rewrite testcase 'exifdata-test'
Add functions: mv, md5sum
Rewrite testcase 'icc-test'
Optimize class 'Log' and add class 'Conf'
Add excute() to replace runTest()
Optimize cat(), save() and excute() to handle bytes type content
Rename bash_tests.utils as BT
Optimize Conf.init() in bash_tests.utils
Completed test_io()
Remove copyTestFiles()
Add class 'Output' to simulate the stdout buffer
Refactor exiv2-test.sh to test_exiv2()
Rewrite diff() to simulate the output of GNU diff
Refactor imagetest.sh to test_image()
Rename class 'Conf' to 'Config'
Rename test cases from 'test*()' format to '*test()' format
Mainly optimize utils.py:
Add functions: diff_byte(), diffCheck()
Refactor iptctest.sh to iptc_test()
Modify printTest(): Ignore the difference of data_dir
Add environment variables: EXIV2_HTTP, EXIV2_PORT
Adjust line breaks, binary extension on Windows
Adjust the format of the command on Windows
Ignore printTest() output differences on Windows
Ignore conversions_test() output differences on Windows
Ignore .vscode
Deprecated Config.exiv2_ext
Refactor modify-test.sh to iso65k_test()
Refactor path-test.sh to path_test()
Adjust code spacing
Refactor function execute() to class Executer
Refactor modify-test.sh to modify_test()
Add find()
Refactor preview-test.sh to preview_test()
Refactor stdin-test.sh to stdin_test()
Refactor stringto-test.sh to stringto_test()
Refactor tiff-test.sh to tiff_test()
Add description for the module lxml
Refactor version_test.sh to version_test()
Refactor webp-test.sh to webp_test()
Optimize diff()
Refactor write-test.sh to write_test()
Refactor write2-test.sh to write2_test()
Refactor xmpparser-test.sh to xmpparser_test()
Ignore the difference in the path separator for stdin_test
Fix webp_test: correct a test file name
Enhance function find(), cp(), rm(), mv()
add nls_test()
Fix variable LANG in nls_test()
Correct the output of exiv2-test
Fix nls_test(): Check only part of the output
Supports setting EXIV2_HTTP or EXIV2_PORT to '' to ignore HTTP test
Support to display the command to execute
Support variables: DYLD_LIBRARY_PATH, LD_LIBRARY_PATH
Set the variable EXIV2_ECHO when executing `make python_tests VERBOSE=1`
let `make python_tests` runs in verbose mode
Set the default value for the variable VALGRIN to empty
Cancel adding a newline when testing
Simplify functions: runTest(), verbose_version()
Leonardo Brondani Schenkel (2):
Detect Sigma 18-35mm f/1.8 DC HSM (firmware 2.x)
Make lens name consistent with models 150 and 368
Luis Diaz Mas (1):
Use check_cxx_compiler_flags instead of C version
Luis Díaz Más (17):
Use ctime instead of time.h
Assume existence of stdint.h
Move winsock2 inclusion to http.cpp
WIN32_LEAN_AND_MEAN propagated with exiv2lib target
Include winsock2 at the beginning of http.cpp
Revert "change implementation of Exiv2::base64encode() to adopt implementation from same URL as base64decode()."
Hide exiv2-xmp dependency in CMake config file:
Use latest available version of Conan in CI
Hide zlib absolute path in cmake config file
Adding Ubuntu 18.04 & 20.04 to travis builds
CI: Special packages for Ubuntu 20.04
CI: Fix how we pass CMake options in travis
Modify strncpy0 to avoid warning
ci: use always pip3 for installing conan
ci: Use same travis jobs as in main (drop Ubuntu 16.04)
New mergify config file to forward changes to main
ci-travis: trying to fix valgrind build
Miloš Komarčević (40):
Remove EXIV2_EXT variable references
Remove remaining vestiges of binary_extension
Add more easy accessors for Exif & TIFF/EP overlap
Add DateTimeOriginal to easyaccess
Test cover for added easyaccess methods
Fix easyaccess-test
Preserve trailing space in test_easyaccess.py output
Fix CanonFi typo in man page
exiv2 pr uses easyaccess API (co-authored with clanmills)
actions: simplify print summary using easyaccess
Add some DNG related tag values
Fix syntax error, improve value name style
Add DNG CFALayout values
Also use existing light source pretty print for DNG
Update CalibrationIlluminant test
Add remaining DNG 1.3 tag values
Minor DNG related changes after review
Moved ambient tags to Exif only list, other refactoring
Complete DNG 1.4 spec support
Fix Pana tag typo and improve Fuji tag description
Add DNG 1.5 tags and values
Promote remaining SHORT/LONG tags default type
Pretty print PlanarConfig
Add DNG 1.6 support
Add DNG 1.6 test
Fix MinGW build for Ninja generator
Adding DNG 1.6 triple-illuminant calibration tags
Include HEIC type in docs
Minor whitespace formatting
Revert style changes
Terminate empty ASCII strings as well
Include HEIC type explicitly
Add comment and test case
Include a few more BMFF major brands
Add mif1 brand to heif mime type
Replace tabs to fix indentation issues
Fix readme typo
Check for symlinks when uninstalling
Match closing statement, doh
Update bmffimage.hpp include order and path (#1648)
Olli Lupton (2):
Add LensType entry for Olympus M.Zuiko Digital ED 17mm F1.2 Pro lens.
Add a test for PR 1375, checking the Olympus 17mm f/1.2 Pro lens is recognised correctly.
Peter Kovář (17):
[WIP] Add ISO/IEC Base Media File Format
Small corrections
[WIP] Added box types
[WIP] Base Media File Format
[WIP] Redefine tags
[WIP] Another try
[WIP] Correction
[WIP] 64-bit length
[WIP] Correction to make Travis CI happy
[WIP] Yet another type cast correction to make Travis CI happy
[WIP] Fixed Image Spatial Extents Property Handling
Corrected format string
Add CR3 image dimensions
Update README.md
Add artist tag
Revert "Add artist tag"
Remove executable bits from test data files
Pydera (1):
Fix out of buffer access in #1529
Robin Mills (179):
fix_1236_0.27
Reverting changes to test/icc-test.sh for investigation.
Fix correctly this time and tested with the user files. Test suite updated to use Reagan2.jp2
Fixed typo declaration of pad when writing ICC profile.
Update icc-test.out
Disable libiconv support when building with Visual Studio.
fix_1266_GPSProcessingMethod
fix_1268_GPSProcessingMethod
fix_solaris_stack_protection_0.27
fix_solaris_stack_protection_0.27
fix_1297_crwtest_linux_coverage This is a copy of master/.travis.yml to see what happens on the CI.
fix_cygwin_stack_protection_0.27
Second effort to unexpose winsock2.h from include <exiv2/exiv2.hpp> using EXIV2_BUILDING_EXIV2 mechanism.
Updated reference output. Well spotted, @piponazo.
Fixing previous incorrect commit.
fix_1353_mingw_toolchain_0.27
Exiv2/exiv2#1356 (comment)
fix_1393_iptc_tags_web_0.27
I hope I've made a better job of this at this attempt. I don't thing the "section" enum is of much importance. I don't believe anything in particular is done with with it.
Fix tag GPSHPositioningError to use printValue() pretty-printer.
Clarified definition and use of enum SectionId @kmilos: please review/approve.
Documentation revision in response to #1394
New profiles as documented in README-CONAN.md
Add ribbon to README-SAMPLES.md. Fixing typos.
Moved orphaned declaration of exifGPSDirRef.
Documented exiv2lib_export.h
Update script cmd64.bat following review by @tester0077
I hope this is the final change to this PR.
WIP #1402 rafimage::printStructure() improved formatting.
bumpRevision_0.27.4.9
WIP: working to understand how to support tiffIfd in tiffvisitor_int.cpp
Remove debugging code.
Add FujiIFD to TiffCreator::tiffGroupStruct_
Success. It's working!
Code/comment tidy.
Add to test harness.
Fix significant typo in cmd64.bat
Pointless change to trigger CI to build again.
Hoping for CI Contentment!
Calming Test Suite concerning Continuous and CropMode confusion.
fix_1431_binary_comment.
appveyor_mingw_0.27
Changed APPVEYOR_BUILD_WORKER_IMAGE
Try again.
One more time.
And another go.
Getting better.
Modify the path.
Might build this time.
Fix typo.
Run python_tests.
Reformmated.
Try again!
Debugging mingw.yml
Last change, I hope.
And another try.
And another.
Debugging mingw.yml
Debugging mingw.yml
More debugging.
Debugging
More debugging.
Only run python_tests
Try to build using Cygwin/64
Debugging cygwin/64
Cygwin
Cygwin: Add zlib and expat to install
Cygwin/64 install depedencies.
libexpat-devel
Use C++98 and run python tests.
Install pip
Trying to get pip to install.
Com'on pip3.
Install libxml2 and libxslt
python38-libxml2
Build and test both MinGW/msys2 and Cygwin64
Fix matrix syntax.
Try again.
Build Cygwin and MinGW in parallel.
Try again.
Fixing typo
Rename appveyor configuration file.
Modified install to only install what's required for BUILD
Restored 0.27.2 "toString()" behaviour of Exifdatum.value().toString() for CommentValue.
Fixing test suite.
Revert "Fixing test suite."
Revert "fix_1431_binary_comment."
Revert "Restored 0.27.2 "toString()" behaviour of Exifdatum.value().toString() for CommentValue."
Revert "Revert "fix_1431_binary_comment.""
Add test image.
Add test script.
Enhanced documentation formatting.
Fixing test suite. I've explained the changes in a note in the PR.
Fix image handler to give jp2image code higher priority than the next isobmff code.
Rename class ISOBMFF => class bmffImage to match other image handlers. Removed C++11 style code. Removed unused code.
Fixing Linux build/test issues.
Fix Linux build-breaker when ENABLE_ISOBMFF=False and EXIV2_TEAM_WARNINGS_AS_ERRORS=On
Modified ci/install.sh to install cmake before dependencies.
fix_1464_sony2010e Fix c++ code
fix_1464_sony2010e Add test file and test script
fix_1464_sony2010e test script
fix_1471_sony2010_0.27
Test suite update.
Change test suite timeout.
C++ simplification.
WIP: Refactored readMetadata() into recursive boxHandler()
Fixing a build breaker.
Fix linux/CI build breaker.
Fix msvc/CI build breakers.
Fix linux/CI build breaker.
Fixing warnings from LGTM/CI.
More fixes for LGTM/CI warnings.
WIP: Added class Iloc and related code.
Fixed recursion issue in the meta box.
Tidying up. 1. pixelHeight_. 2. refactored indenter() -> indent(). 3. EXIV2_DEBUG_MESSAGES outputs to std::cerr
Updating .gitignore.
Parse Exif in .HEIC/.AVIF
Cleanup. 1. Recursively process uuid/cano box. 2. Fix LGTM/CI sprintf grumbles. 3. Comment parseTiff() in bmffimage.hpp.
Tidy up. Rename Tag::cr3_exif -> Tag:cmt2
Revised following code review by @hassec. Thank You, Christoph.
Remove bmffimage::printStructure() as discussed in review with @hassec. Corpse removal and cleanup in bmpfimage.hpp
Added parseXmp() to parse Xmp metadata.
Fix .CR3 files to call parseXmp().
Rename test image.
WIP: adding BmffImage::printStructure() and support for colr box.
Cosmetic change to -pR/-pS output.
Adding HIF tests.
Fix MSVC build breaker and modify test_pr_1475_HIF.py to run on Windows.
Renamed a test file.
Test suite updates.
Add SECURITY.md and reference it from the Security Tab in the GitHub Web UI.
Following review by @hassec, I use static base64_encoding vector in both Exiv2::base64encode() and Exiv2::base64decode().
Move system_tests.runTest() and system_tests.verbose_version() to system_tests.BT
fix_1486_effort2 Exiv2/exiv2#1486 (comment)
use raise from test_pr1475*.py
Add unit_tests to suite.conf
Add python scripts equivalent to test/version_test.sh and unit_test.sh
Refactor CMakeList.txt to run all tests using tests/runner.py
Add test/ReadMe.txt
Fix typos.
Fix comments.
Fix LD_LIBRARY_PATH. Add option arg raw=False to runTest() Use raw=True in unit_test.py.
Sniff for unit_tests.exe!
Better logic and error message.
exiv2_v27_4_rc1
exiv2 --verbose --version was reporting have_strerror_r twice!
Massive code prolog cleanup.
Exiv2 v0.27.4 RC1 Preview.
v27_4_rc1_effort2
Updated the user documents. Most changes relate to running the test suite.
Add optional parameter forgive=False to reportTest() for use by nls_test to avoid false fails.
Downgrade version to 0.27.4.10 = 0.27.4 RC1 Preview.
Fixing typos.
Bump revision number to Exiv2 v0.27.4 RC1. PR will be marked for review.
Clarify bmff suppport as readonly.
Set LD_LIBRARY_PATH to run bundled bin/exiv2.
Push change in PR #1500. Thank you @kmilos.
Update releasenotes.txt with more credit for Milos (and trigger macOS/CI which is red). All platform build on MacMini.
fix_1507_avif_size0x0
Documentation Update (as discussed in #1508)
Use the documented 5 line prolog in every sample application. Tidy up sample prologs and header code.
fix_1508_enableBMMF_effort2
Add test script.
fix_1504_metacopy_optstring
fix_1503_JXL_bmff
Added test file and script.
Fix build breaker in test_issue_1503.py.
fix_1522_jp2image_exif_asan
test fix_1522_jp2image_exif_asan
update_README_localisation
v0.27.4RC2
v0.27.4 RC2 Release Notes.
bump_release_number_0.37.4.39
fix_enableBMFF
Bump version number.
Update releasenotes.txt
update changelog
fix_broken_man_page
v0.27.4
Thomas Petazzoni (1):
Properly detect availability of flags in cmake/compilerFlags.cmake (#1252)
clanmills (78):
fix_1276_BUILD_PO_0.27
Do not build WebReady with Visual Studio.
Build with C++11
Disable coverage (see #1297)
Tweak conversion.sh for TZ conversion error in MSVC.
Fix #1300
Use ubuntu on CI
Remove .. from CMAKE_OPTIONS.
-CMAKE_CXX_STANDARD=98 and Disable UNIT_TESTS.
Simplify ci/run.sh
Don't use ASAN on CI.
-DCMAKE fix. Thanks @piponazo
Disable Fedora/CentOS/Archlinux on gitlab/CI.
fix 1307 ASAN issues with RemoteIo
fix_1329_remove_bigtiff_0.27
Remove bigtiffimage.hpp from include/exiv2/CMakeLists.txt
Fix: https://travis-ci.org/github/Exiv2/exiv2/jobs/730867927
run_stdin-test.sh_0.27
fix_1335_winsock2_0.27
pythonic_bash_ci_0.27
temporarily disable stdin-test and webp-test to get the CI operational again.
nls-test script and reference file.
Makefile updated to run nls-test.sh as part of bash_tests
Adding test files to test suite.
Script and reference file changes.
Adding test files and bash script/reference-output
Code changes
C++ changes requested by @piponazo. Fix python png_test() recommended by @LeoHsiao1. Update reference output.
Enable CentOS on gitLab-ci.
Adding test files to test suite.
Script and reference file changes.
Temporarily neuter DEXIV2_TEAM_USE_SANITIZERS to get CentOS to build.
Revert the last two changes. GitLab/centOS makes no sense. Will build on MacMini.
Fix compiling http.cpp and reinstate centOS on gitLab.
Disable centOS on CI. The web-server goes crazy althought this doesn't happen in the terminal on centOS.
Fixing variable LANG
replace base64encode in src/futils.cpp
change implementation of Exiv2::base64encode() to adopt implementation from same URL as base64decode().
Add +x (execute) attribute to shell scripts.
Fix handling of environment string VERBOSE
Don't set --verbose in makefile. Don't treat exiv2_echo == VERBOSE.
Fixing VERBOSE in environment (args.verbose==2 when set. args.verbose==0 when not set).
Fixing EXIV2_PORT on MinGW/msys2.
Disable OpenSUSE on CI. It's complaining about being unable to install the correct version of curl.
Adding support for environment strings EXIV2_HTTP and EXIV2_PORT
Adding support for VALGRIND and EXIV2_BINDIR
Disable exiv2 option --binary
Adding python test
Updating man page.
fix_929_exif2.31_0.27
Fix python test breaker
Fixing exiv2-test.sh message when test/tmp is empty.
Adding test images.
Changed CI build default -DEXIV2_ENABLE_BMFF=On. Fixed suite to run with/without bmff. -pS and -pR same for bmff.
Added 2.19 Support for bmff files
Updated for bmff.
Re-awaken obsolete command-line argument --binary and store class Task.
refactored setModeAndPrintStructure() to respect class Task.binary_ when printing ICC profiles.
Minor corrections and clarification concerning enableBMFF().
Fix box.length == to use bigEndian decode! Fix toAscii() to emit on ascii 32-127 bytes.
Test suite update.
With good fortune, bmffimage is ready for review.
Replaced the ugly code in Exiv2::base64encode() and update the test suite.
Fix Linux build breakers.
Replaced Exiv2::base64encode() because last effort failed unit test on msvc.
This should be it. Test suite fixed.
Trick to avoid msvc issue with final line of base64 data.
Fix ICC profile handling (my bad, iOS files are correct).
Restoring i < dataLength trigraph that I should not have removed.
Restore -pC --binary to output everything. Test suite updated to suit.
Fix #1358. This should be in a different PR. Keep changes to base64 encode/decode together.
Another effort to fix base64decode and associated unit test.
Updated to adopt Review suggestions by @kmilos. Thank You, Milos.
Fix msvc build breaker.
Thank You @piponazo for the code review. I've made the changes you requested.
Following review by @piponazo, I am clarifying the bool return from Exiv2::enableBMFF().
fix_1473_LocationShown
Exiv2/exiv2#1486 (comment)
czgnp (3):
Update canonmn_int.cpp
and a test case for Python
and the test files
evanokeeffe (1):
found a bug in metacopy, the -x parameter wasn't in the optstring. rectified that
hanno@schwalm-bremen.de (3):
Adding support for DefaultUserCrop and BaselineExposureOffset
Fix typo and remove empty line.
Revert exv commit and remove empty line.
postscript-dev (7):
Add missing "Xmp" to project description
Update PACKAGE_URL and PROJECT_DESCRIPTION text
Fix langAltValue::read() parsing
Add static to LangAltValue::read() const values
Change LangAltValue::read() tests to unitTests
Fix spelling mistakes in LangAltValue::read()
Update exiv2 man page - langAlt format
tbeu (1):
Fix write ability flags of PSD files (#1260)
|
CVE-2021-31292 has been assigned for this issue. |
VERSION
exiv2 0.27.4.1
https://github.com/Exiv2/exiv2/tree/0.27-maintenance
REPRODUCE
Compile exiv2 with asan:
Download testcases:
https://github.com/henices/pocs/raw/master/tests_1bd0a5f4935b053f33ac00f931dde1f47a043487
https://github.com/henices/pocs/raw/master/tests_1bd0a5f4935b053f33ac00f931dde1f47a043487.exv
Run command:
exiv2 in tests_1bd0a5f4935b053f33ac00f931dde1f47a043487
Credit: Zhen Zhou of NSFOCUS Security Team