Overview

File _patchinfo of Package patchinfo.26842

<patchinfo incident="26842">
 <issue tracker="cve" id="2021-32815"/>
  <issue tracker="cve" id="2018-20098"/>
  <issue tracker="cve" id="2018-20097"/>
  <issue tracker="cve" id="2019-13110"/>
  <issue tracker="cve" id="2021-29473"/>
  <issue tracker="cve" id="2019-13109"/>
  <issue tracker="cve" id="2018-17581"/>
  <issue tracker="cve" id="2019-17402"/>
  <issue tracker="cve" id="2018-20099"/>
  <issue tracker="cve" id="2018-11531"/>
  <issue tracker="cve" id="2017-11591"/>
  <issue tracker="bnc" id="1189337">VUL-1: CVE-2021-32815: exiv2: exiv2: DoS due to assertion failure in crwimage_int.cpp</issue>
  <issue tracker="bnc" id="1142678">VUL-1: CVE-2019-13110: exiv2: exiv2: integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denail of service</issue>
  <issue tracker="bnc" id="1119560">VUL-1: CVE-2018-20098: exiv2: heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header</issue>
  <issue tracker="bnc" id="1186231">VUL-1: CVE-2021-29473: exiv2: out-of-bounds read in Exiv2:Jp2Image:doWriteMetadata</issue>
  <issue tracker="bnc" id="1153577">VUL-1: CVE-2019-17402: exiv2:improper validation of the total size to the offset and size leads to a crash in  Exiv2::getULong in types.cpp</issue>
  <issue tracker="bnc" id="1095070">VUL-1: CVE-2018-11531: exiv2: heap-based buffer overflow in getData in preview.cpp</issue>
  <issue tracker="bnc" id="1119559">VUL-1: CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header</issue>
  <issue tracker="bnc" id="1050257">VUL-0: CVE-2017-11591: exiv2: Floating point exception in Exiv2::ValueType</issue> 
  <issue tracker="bnc" id="1110282">VUL-1: CVE-2018-17581: exiv2: CiffDirectory:readDirectory() at crwimage_int.cpp has excessive stack consumption</issue>
  <issue tracker="bnc" id="1142677">VUL-1: CVE-2019-13109: exiv2: denial of service in PngImage:readMetadata</issue>
  <issue tracker="bnc" id="1119562">VUL-1: CVE-2018-20097: exiv2: SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups</issue>  
  <packager>dirkmueller</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for exiv2</summary>
  <description>This update for exiv2 fixes the following issues:

- CVE-2019-13110: Fixed an integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denail of service (bsc#1142678).
- CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata (bsc#1142677).
- CVE-2018-17581: Fixed an excessive stack consumption CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282).
- CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType (bsc#1050257).
- CVE-2019-17402: Fixed an improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp (bsc#1153577).
- CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337).
- CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562).
- CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231).
- CVE-2018-20098: Fixed a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header (bsc#1119560).
- CVE-2018-11531: Fixed a heap-based buffer overflow in getData in preview.cpp (bsc#1095070).
- CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header (bsc#1119559).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places