Package "exiv2"
Name: |
exiv2
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- EXIF/IPTC/XMP metadata manipulation library
- EXIF/IPTC/XMP metadata manipulation library - debug
- EXIF/IPTC/XMP metadata manipulation library - development files
- EXIF/IPTC/XMP metadata manipulation library - HTML documentation
|
Latest version: |
0.25-2.1ubuntu16.04.6 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
main |
Links
Other versions of "exiv2" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
exiv2 (0.25-2.1ubuntu16.04.6) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop
in src/jp2image.cpp.
- CVE-2019-20421
-- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 11:42:12 -0300
|
Source diff to previous version |
CVE-2019-20421 |
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote |
|
exiv2 (0.25-2.1ubuntu16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-17402.patch: check offset and size
against total size in src/crwimage.cpp.
- CVE-2019-17402
-- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Oct 2019 16:29:07 -0300
|
Source diff to previous version |
CVE-2019-17402 |
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in cr |
|
exiv2 (0.25-2.1ubuntu16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
in src/enforce.hpp, use safe:add for preventing overflows in
PSD files and enforce length of image resource
section < file size in src/psdimage.cpp.
- CVE-2018-19107
- CVE-2018-19108
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19535-*.patch: fixes in
PngChunk::readRawProfile in src/pngchunk.cpp.
- CVE-2018-19535
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13110.patch: avoid integer overflow
in src/crwimage.cpp.
- CVE-2019-13110
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13112.patch: add bound check
on allocation size in src/pngchunk.cpp.
- CVE-2019-13112
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13113.patch: throw an exception
if the data location is invalid in src/crwimage.cpp,
src/crwimage_int.hpp.
- CVE-2019-13113
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13114.patch: avoid null pointer
exception due to NULL return from strchr in src/http.cpp.
- CVE-2019-13114
* Add error codes from src error in order to support CVE-2018-19535
- debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
-- <email address hidden> (Leonidas S. Barbosa) Wed, 10 Jul 2019 15:58:32 -0300
|
Source diff to previous version |
CVE-2018-19107 |
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-bas |
CVE-2018-19108 |
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an |
CVE-2018-19535 |
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-base |
CVE-2019-13110 |
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSE |
CVE-2019-13112 |
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an |
CVE-2019-13113 |
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image fil |
CVE-2019-13114 |
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a c |
|
exiv2 (0.25-2.1ubuntu16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-11591.patch: fix in
include/exiv2/value.hpp.
- CVE-2017-11591
* SECURITY UPDATE: Remote denial of service
- debian/patches/CVE-2017-11683.patch: fix in
src/tiffvisitor.cpp.
- CVE-2017-11683
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-14859_14862_14864.patch: fix in
src/error.cpp, src/tiffvisitor.cpp.
- CVE-2017-14859
- CVE-2017-14862
- CVE-2017-14864
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-17669.patch: fix in
src/pngchunk.cpp.
- CVE-2017-17669
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-9239.patch: fix in
src/tiffcomposite.cpp.
- CVE-2017-9239
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-17581.patch: fix in
src/crwimage.cpp.
- CVE-2018-17581
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-16336*.patch: fix in
src/pngchunk.cpp.
- CVE-2018-16336
* Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.
-- <email address hidden> (Leonidas S. Barbosa) Tue, 08 Jan 2019 14:58:44 -0300
|
Source diff to previous version |
CVE-2017-11591 |
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted in |
CVE-2017-11683 |
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denia |
CVE-2017-14859 |
An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentat |
CVE-2017-14862 |
An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fa |
CVE-2017-14864 |
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and |
CVE-2017-17669 |
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file w |
CVE-2017-9239 |
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value o |
CVE-2018-17581 |
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of se |
CVE-2018-16336 |
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a craf |
CVE-2018-10958 |
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUnc |
|
exiv2 (0.25-2.1ubuntu16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: denial of service through memory exhaustion
and a heap-based buffer over-read
- debian/patches/CVE-2018-10958_10999*.patch
- CVE-2018-10958
- CVE-2018-10999
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10998.patch
- CVE-2018-10998
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/CVE-2018-11531*.patch
- CVE-2018-11531
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-12264.patch
- CVE-2018-12264
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-12265*.patch
- CVE-2018-12265
-- <email address hidden> (Leonidas S. Barbosa) Fri, 29 Jun 2018 10:31:21 -0300
|
CVE-2018-10958 |
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUnc |
CVE-2018-10999 |
An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. |
CVE-2018-10998 |
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an i |
CVE-2018-11531 |
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. |
CVE-2018-12264 |
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value. |
CVE-2018-12265 |
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. |
|
About
-
Send Feedback to @ubuntu_updates