exiv2-0.27.0-3.el7

エラータID: AXSA:2020-626:01

Release date: 
Thursday, October 8, 2020 - 00:04
Subject: 
exiv2-0.27.0-3.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments.

Security Fix(es):

* exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check (CVE-2019-17402)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-17402
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. exiv2-0.27.0-3.el7.src.rpm
    MD5: c290d78fc1dfa447cde8807066b5d2b7
    SHA-256: abfa96fcc85e6ddace0bc4139ebcd19eeda51d75b5243f39fb0397d968543f94
    Size: 25.91 MB

Asianux Server 7 for x86_64
  1. exiv2-0.27.0-3.el7.x86_64.rpm
    MD5: 827450dd0a5ad73315f5e579328794bf
    SHA-256: 6e772906a33e7da443df925dce21fb8b450d2e19ef790c6df48602a4cfb4e7df
    Size: 921.56 kB
  2. exiv2-devel-0.27.0-3.el7.x86_64.rpm
    MD5: 132e95ea9ac88d04d56ba65237e01d44
    SHA-256: deab16aed824fd9ffae88e004626bce1711697155c1ae1c61cf394b150ad6aa2
    Size: 236.48 kB
  3. exiv2-doc-0.27.0-3.el7.noarch.rpm
    MD5: bc2fc2333b5d4ac948d48015b4f563e7
    SHA-256: eafc9d12040d27f1ed797367eb4465f479d828e436f21e7d11b470b14e7d1b21
    Size: 2.48 MB
  4. exiv2-libs-0.27.0-3.el7.x86_64.rpm
    MD5: 143d1f65c28379755a50e52c35237f60
    SHA-256: 8d3762ed1c4ef761f60dfd7bc8c852ce622134d3044fd8e1b505ac344b2bebb8
    Size: 796.14 kB
  5. exiv2-devel-0.27.0-3.el7.i686.rpm
    MD5: 56dbe5ab45dca987d6e9f17753941de0
    SHA-256: fc494474df8f38e5fbfd9b17471cb6f7554372eacbb4a5fda4189688647bb6f9
    Size: 237.30 kB
  6. exiv2-libs-0.27.0-3.el7.i686.rpm
    MD5: f7a37fde32bfb4caebfd4248faa4e57e
    SHA-256: f4eb2ae7629d26009287260bb4db358b8fd14d456b022727a0bbacf844b247c1
    Size: 785.89 kB