Package "exiv2"
| Name: |
exiv2
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- EXIF/IPTC/XMP metadata manipulation library
- EXIF/IPTC/XMP metadata manipulation library - debug
- EXIF/IPTC/XMP metadata manipulation library - development files
- EXIF/IPTC/XMP metadata manipulation library - HTML documentation
|
| Latest version: |
0.25-3.1ubuntu0.18.04.11 |
| Release: |
bionic (18.04) |
| Level: |
updates |
| Repository: |
main |
Links
Other versions of "exiv2" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
|
exiv2 (0.25-3.1ubuntu0.18.04.11) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32815-*.patch: adds a check of sizes
adds msgs prints for DEBUG flags in
src/crwimage_int.cpp.
- CVE-2021-32815
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-34334-*.patch: adds
an extra checking to prevent the loop counter from wrapping around in
crwimage.cpp; changes type of escapeStart to size_t in src/exiv2.cpp;
- CVE-2021-34334
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37620-*.patch:
check that type isn't an empty string in src/values.cpp and
adds safer vector indexing in multiples files in src/*.
- CVE-2021-37620
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2021-37622-*.patch: makes sure
that read is complete to prevent infinite loop and remove dedundant
check in src/jpgimage.cpp.
- CVE-2021-37622
* debian/patches/fix_enforce_include.patch: includes enforce in
crwimage.cpp.
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 16 Aug 2021 12:16:38 -0300
|
| Source diff to previous version |
| CVE-2021-32815 |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is t |
| CVE-2021-34334 |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is trigge |
| CVE-2021-37620 |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was |
| CVE-2021-37622 |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found |
|
|
exiv2 (0.25-3.1ubuntu0.18.04.10) bionic-security; urgency=medium
* SECURITY UPDATE: Buffer Overflow
- debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit
and throw exception in case box is broken in src/jp2image.cpp.
- CVE-2021-31291
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jul 2021 14:45:08 -0300
|
| Source diff to previous version |
| CVE-2021-31291 |
A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS) via crafted metadata. |
|
|
exiv2 (0.25-3.1ubuntu0.18.04.9) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-29473.patch: Add bounds check in
Jp2Image::doWriteMetadata() in src/jp2image.cpp.
- CVE-2021-29473
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
in xmpsdk/src/XMPMeta-Parse.cpp.
- CVE-2021-32617
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 May 2021 12:10:13 -0300
|
| Source diff to previous version |
| CVE-2021-29473 |
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was |
| CVE-2021-32617 |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm ( |
|
|
exiv2 (0.25-3.1ubuntu0.18.04.7) bionic-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-3482.patch: fix buffer overflow
in src/jp2image.cpp.
- CVE-2021-3482
* SECURITY UPDATE: An out of buffer access
- debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp
(LP: #1923479)
- CVE-2021-29457
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp
(LP: #1923479)
- CVE-2021-29458
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 13 Apr 2021 13:24:50 -0300
|
| Source diff to previous version |
| 1923479 |
out of buffer access and Integer overflow in Exiv2 |
| CVE-2021-3482 |
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetada |
| CVE-2021-29457 |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was |
| CVE-2021-29458 |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was |
|
|
exiv2 (0.25-3.1ubuntu0.18.04.5) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop
in src/jp2image.cpp.
- CVE-2019-20421
-- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 12:37:33 -0300
|
| CVE-2019-20421 |
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote |
|
About
-
Send Feedback to @ubuntu_updates
