exiv2-0.27.3-2.el8

Errata ID: AXSA:2021-1970:01

Release date: 
Monday, June 14, 2021 - 13:33
Subject: 
exiv2-0.27.3-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments.

The following packages have been upgraded to a later upstream version: exiv2 (0.27.3).

Security Fix(es):

* exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check (CVE-2019-17402)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-17402
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
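
The kind of check the CVE description says was missing, shown as an added example (this is not Exiv2's code or its upstream patch): each entry's offset and size are validated against the total block size before any data is read. The entry layout, Entry, inBounds, readU32 and readEntries are hypothetical names and a simplified layout chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed, simplified layout (not the real CIFF layout): each 8-byte entry
// is a little-endian uint32 offset followed by a little-endian uint32 size.
struct Entry {
    uint32_t offset;  // start of the entry's data within the block
    uint32_t size;    // length of the entry's data in bytes
};

// True only if [offset, offset + size) lies inside a block of `total` bytes.
// Written with a subtraction so the comparison never depends on offset + size.
bool inBounds(uint64_t offset, uint64_t size, uint64_t total) {
    return offset <= total && size <= total - offset;
}

// Bounds-checked 32-bit read: returns false instead of reading past the end.
bool readU32(const std::vector<uint8_t>& buf, size_t pos, uint32_t& out) {
    if (!inBounds(pos, 4, buf.size())) return false;
    out = uint32_t(buf[pos]) | uint32_t(buf[pos + 1]) << 8 |
          uint32_t(buf[pos + 2]) << 16 | uint32_t(buf[pos + 3]) << 24;
    return true;
}

// Parses `count` entries starting at `dirStart`. Fails on the first entry whose
// header or data range falls outside the block, leaving `out` empty.
bool readEntries(const std::vector<uint8_t>& buf, size_t dirStart, size_t count,
                 std::vector<Entry>& out) {
    out.clear();
    for (size_t i = 0; i < count; ++i) {
        Entry e{};
        bool ok = i <= (SIZE_MAX - dirStart) / 8;  // dirStart + i * 8 must not wrap
        size_t pos = ok ? dirStart + i * 8 : 0;
        ok = ok && readU32(buf, pos, e.offset) && readU32(buf, pos + 4, e.size) &&
             inBounds(e.offset, e.size, buf.size());  // total size vs. offset and size
        if (!ok) { out.clear(); return false; }
        out.push_back(e);
    }
    return true;
}

int main() {
    // Constructed sample: offset 8, size 5 in a 12-byte block (8 + 5 > 12).
    std::vector<uint8_t> block = {8, 0, 0, 0, 5, 0, 0, 0, 1, 2, 3, 4};
    std::vector<Entry> entries;
    return readEntries(block, 0, 1, entries) ? 1 : 0;  // exit 0: block rejected
}
```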

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. exiv2-0.27.3-2.el8.src.rpm
    MD5: e2ab58b795012a817984b1e227891cf3
    SHA-256: 2d0812382ade1947e84389e5d7c4d14e8a3e351d6a0619a73bb60da9f43b9bfb
    Size: 24.98 MB

Asianux Server 8 for x86_64
  1. exiv2-0.27.3-2.el8.x86_64.rpm
    MD5: 886b1d8b507af98f9743991bcf716c39
    SHA-256: 6ee63a73e59f8fe503e6ecb2088c27f714478fb93e8215f33099c2ebf756adf7
    Size: 1.00 MB
  2. exiv2-libs-0.27.3-2.el8.x86_64.rpm
    MD5: d6f3cfdb20976d426637854f3609f474
    SHA-256: cf49d1b5bfc3789da542148925729de93f20f11b8245c62574eee853d34ca6b3
    Size: 855.18 kB
  3. exiv2-libs-0.27.3-2.el8.i686.rpm
    MD5: 4cf284a91dc409fab736b65e79dfbbc9
    SHA-256: 5e544ebc4df084ad4fd405f4b6dfbb08f985b7a404db28823c53ae8170b220e6
    Size: 889.92 kB