UbuntuUpdates.org

Package "exiv2"

Name: exiv2

Description:

EXIF/IPTC/XMP metadata manipulation tool
Latest version: 0.28.5+dfsg-1ubuntu0.3
Release: questing (25.10)
Level: security
Repository: universe
Homepage: https://www.exiv2.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "exiv2"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "exiv2" in Questing

Repository Area Version
base main 0.28.5+dfsg-1
base universe 0.28.5+dfsg-1
security main 0.28.5+dfsg-1ubuntu0.3
updates universe 0.28.5+dfsg-1ubuntu0.3
updates main 0.28.5+dfsg-1ubuntu0.3

Changelog

Version: 0.28.5+dfsg-1ubuntu0.3 2026-03-19 12:08:06 UTC

  exiv2 (0.28.5+dfsg-1ubuntu0.3) questing-security; urgency=medium

  * SECURITY REGRESSION: Segmentation Fault (LP: #2144731)
   - Remove CVE-2025-55304 patches due to intrusive changes causing
     a segmentation fault
   - CVE-2025-55304

 -- Bruce Cable <email address hidden> Thu, 19 Mar 2026 10:13:42 +1100
Source diff to previous version
2144731 Multiple image apps (Gwenview, GIMP, gThumb) crashes when pasting/open image after libexiv2 upgrade
CVE-2025-55304 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was f

Version: 0.28.5+dfsg-1ubuntu0.1 2026-03-18 07:08:11 UTC

  exiv2 (0.28.5+dfsg-1ubuntu0.1) questing-security; urgency=medium

  * SECURITY UPDATE: Out of Bounds Read
    - debian/patches/CVE-2026-25884.patch: Fix out-of-bounds read
    - debian/patches/CVE-2026-27596.patch: Check for integer overflow.
    - CVE-2026-25884
    - CVE-2026-27596
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2025-54080.patch: Better bounds checking
    - debian/patches/CVE-2026-27631.patch: Check for integer overflow
    - debian/patches/CVE-2025-55304-1.patch: Add new method
      appendIccProfile to fix quadratic performance issue
    - debian/patches/CVE-2025-55304-2.patch: Fix docstring
    - CVE-2025-54080
    - CVE-2026-27631
    - CVE-2025-55304

 -- Bruce Cable <email address hidden> Fri, 13 Mar 2026 19:21:58 +1100
CVE-2026-25884 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8,
CVE-2026-27596 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8,
CVE-2025-54080 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was
CVE-2026-27631 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8,
CVE-2025-55304 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was f


About   -   Send Feedback to @ubuntu_updates