File _patchinfo of Package patchinfo.26639

<patchinfo incident="26639">
  <issue tracker="cve" id="2021-29473"/>
  <issue tracker="cve" id="2019-13112"/>
  <issue tracker="cve" id="2021-29457"/>
  <issue tracker="cve" id="2021-32815"/>
  <issue tracker="cve" id="2021-37620"/>
  <issue tracker="cve" id="2021-31291"/>
  <issue tracker="cve" id="2021-34334"/>
  <issue tracker="cve" id="2018-20097"/>
  <issue tracker="bnc" id="1189332">VUL-1: CVE-2021-37620: exiv2: exiv2: out-of-bounds read in XmpTextValue:read()</issue>
  <issue tracker="bnc" id="1188733">VUL-0: CVE-2021-31291: exiv2: A heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata</issue>
  <issue tracker="bnc" id="1142681">VUL-0: CVE-2019-13112: exiv2: uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service</issue>
  <issue tracker="bnc" id="1189337">VUL-1: CVE-2021-32815: exiv2: exiv2: DoS due to assertion failure in crwimage_int.cpp</issue>
  <issue tracker="bnc" id="1119562">VUL-1: CVE-2018-20097: exiv2: SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups</issue>
  <issue tracker="bnc" id="1185002">VUL-0: CVE-2021-29457: exiv2: heap buffer overflow when write metadata into a crafted image file</issue>
  <issue tracker="bnc" id="1189338">VUL-0: CVE-2021-34334: exiv2: exiv2: DoS due to integer overflow in loop counter</issue>
  <issue tracker="bnc" id="1186231">VUL-1: CVE-2021-29473: exiv2: out-of-bounds read in Exiv2:Jp2Image:doWriteMetadata</issue>
  <packager>dirkmueller</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for exiv2</summary>
  <description>This update for exiv2 fixes the following issues:

- CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. (bsc#1142681)
- CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read(). (bsc#1189332)
- CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter. (bsc#1189338)
- CVE-2021-31291: Fixed a heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata (bsc#1188733).
- CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337).
- CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562).
- CVE-2021-29457: Fixed a heap buffer overflow when write metadata into a crafted image file (bsc#1185002).
- CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231).
</description>
</patchinfo>