diff --git a/CVE-2025-54080.patch b/CVE-2025-54080.patch new file mode 100644 index 0000000000000000000000000000000000000000..fb0244feb5a57937a0782df7e134613a3b61aeec --- /dev/null +++ b/CVE-2025-54080.patch @@ -0,0 +1,81 @@ +From f02c970ae56e6e377f7f79ba9e8edb5f2d23f48d Mon Sep 17 00:00:00 2001 +From: Kevin Backhouse +Date: Tue, 29 Jul 2025 18:58:46 +0100 +Subject: [PATCH] Better bounds checking to fix + https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39 + +Origin: https://github.com/Exiv2/exiv2/commit/f02c970ae56e6e377f7f79ba9e8edb5f2d23f48d + +--- + src/epsimage.cpp | 35 +++++++++++------------------------ + 1 file changed, 11 insertions(+), 24 deletions(-) + +diff --git a/src/epsimage.cpp b/src/epsimage.cpp +index 79402e6..7343104 100644 +--- a/src/epsimage.cpp ++++ b/src/epsimage.cpp +@@ -28,6 +28,7 @@ + #include "config.h" + + #include "epsimage.hpp" ++#include "enforce.hpp" + #include "image.hpp" + #include "basicio.hpp" + #include "error.hpp" +@@ -268,18 +269,15 @@ namespace { + uint32_t posTiff = 0; + uint32_t sizeTiff = 0; + ++ ErrorCode errcode = write ? ErrorCode::kerImageWriteFailed : ErrorCode::kerFailedToReadImageData; ++ + // check for DOS EPS + const bool dosEps = (size >= dosEpsSignature.size() && memcmp(data, dosEpsSignature.data(), dosEpsSignature.size()) == 0); + if (dosEps) { + #ifdef DEBUG + EXV_DEBUG << "readWriteEpsMetadata: Found DOS EPS signature\n"; + #endif +- if (size < 30) { +- #ifndef SUPPRESS_WARNINGS +- EXV_WARNING << "Premature end of file after DOS EPS signature.\n"; +- #endif +- throw Error(write ? kerImageWriteFailed : kerFailedToReadImageData); +- } ++ enforce(size >= 30, errcode); + posEps = getULong(data + 4, littleEndian); + posEndEps = getULong(data + 8, littleEndian) + posEps; + posWmf = getULong(data + 12, littleEndian); +@@ -309,24 +307,13 @@ namespace { + #endif + if (write) throw Error(kerImageWriteFailed); + } +- if (posEps < 30 || posEndEps > size) { +- #ifndef SUPPRESS_WARNINGS +- EXV_WARNING << "DOS EPS file has invalid position (" << posEps << ") or size (" << (posEndEps - posEps) << ") for EPS section.\n"; +- #endif +- throw Error(write ? kerImageWriteFailed : kerFailedToReadImageData); +- } +- if (sizeWmf != 0 && (posWmf < 30 || posWmf + sizeWmf > size)) { +- #ifndef SUPPRESS_WARNINGS +- EXV_WARNING << "DOS EPS file has invalid position (" << posWmf << ") or size (" << sizeWmf << ") for WMF section.\n"; +- #endif +- if (write) throw Error(kerImageWriteFailed); +- } +- if (sizeTiff != 0 && (posTiff < 30 || posTiff + sizeTiff > size)) { +- #ifndef SUPPRESS_WARNINGS +- EXV_WARNING << "DOS EPS file has invalid position (" << posTiff << ") or size (" << sizeTiff << ") for TIFF section.\n"; +- #endif +- if (write) throw Error(kerImageWriteFailed); +- } ++ enforce(30 <= posEps, errcode); ++ enforce(sizeWmf == 0 || 30 <= posWmf, errcode); ++ enforce(sizeTiff == 0 || 30 <= posTiff, errcode); ++ ++ enforce(posEps <= posEndEps && posEndEps <= size, errcode); ++ enforce(posWmf <= size && sizeWmf <= size - posWmf, errcode); ++ enforce(posTiff <= size && sizeTiff <= size - posTiff, errcode); + } + + // check first line +-- +2.51.0 + diff --git a/exiv2.spec b/exiv2.spec index 913883bb93307ec41f400de648a0ab2530ec2ce2..da37acc7b70464879c2b00d099a983a3f7b44a43 100644 --- a/exiv2.spec +++ b/exiv2.spec @@ -1,12 +1,13 @@ Name: exiv2 Version: 0.27.5 -Release: 3 +Release: 4 Summary: Exif, IPTC and XMP metadata and the ICC Profile License: GPLv2+ URL: http://www.exiv2.org/ Source0: https://github.com/Exiv2/exiv2/archive/refs/tags/v%{version}.tar.gz Patch0001: CVE-2022-3755.patch Patch0002: CVE-2022-3756.patch +Patch0003: CVE-2025-54080.patch Provides: exiv2-libs Obsoletes: exiv2-libs @@ -78,6 +79,9 @@ test -x %{buildroot}%{_libdir}/libexiv2.so %{_pkgdocdir}/ %changelog +* Mon Sep 01 2025 wangkai <13474090681@163.com> - 0.27.5-4 +- Fix CVE-2025-54080 + * Thu Nov 10 2022 jiangpeng - 0.27.5-3 - Fix CVE-2022-3755 CVE-2022-3756