UbuntuUpdates.org

Package "libexiv2-27"

Name: libexiv2-27

Description:

EXIF/IPTC/XMP metadata manipulation library
Latest version: 0.27.6-1ubuntu0.3
Release: noble (24.04)
Level: updates
Repository: main
Head package: exiv2
Homepage: https://www.exiv2.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libexiv2-27"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libexiv2-27" in Noble

Repository Area Version
base main 0.27.6-1build1
security main 0.27.6-1ubuntu0.3

Changelog

Version: 0.27.6-1ubuntu0.3 2026-03-19 21:08:16 UTC

  exiv2 (0.27.6-1ubuntu0.3) noble-security; urgency=medium

  * SECURITY REGRESSION: Segmentation Fault (LP: #2144731)
   - Remove CVE-2025-55304 patches due to intrusive changes causing
     a segmentation fault
   - CVE-2025-55304

 -- Bruce Cable <email address hidden> Thu, 19 Mar 2026 09:54:48 +1100
Source diff to previous version
2144731 Multiple image apps (Gwenview, GIMP, gThumb) crashes when pasting/open image after libexiv2 upgrade
CVE-2025-55304 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was f

Version: 0.27.6-1ubuntu0.1 2026-03-18 15:08:03 UTC

  exiv2 (0.27.6-1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: Out of Bounds Read
    - debian/patches/CVE-2026-25884.patch: Fix out-of-bounds read
    - debian/patches/CVE-2026-27596.patch: Check for integer overflow.
    - CVE-2026-25884
    - CVE-2026-27596
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2025-54080.patch: Better bounds checking
    - debian/patches/CVE-2026-27631.patch: Check for integer overflow
    - debian/patches/CVE-2025-55304-1.patch: Add new method
      appendIccProfile to fix quadratic performance issue
    - debian/patches/CVE-2025-55304-2.patch: Fix docstring
    - CVE-2025-54080
    - CVE-2026-27631
    - CVE-2025-55304

 -- Bruce Cable <email address hidden> Fri, 13 Mar 2026 19:21:48 +1100
CVE-2026-25884 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8,
CVE-2026-27596 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8,
CVE-2025-54080 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was
CVE-2026-27631 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8,
CVE-2025-55304 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was f


About   -   Send Feedback to @ubuntu_updates