File _patchinfo of Package patchinfo.26338

<patchinfo incident="26338">
  <issue tracker="bnc" id="1142675">VUL-1: CVE-2019-13108: exiv2: integer overflow PngImage:readMetadata leads to denial of service</issue>
  <issue tracker="bnc" id="1188733">VUL-0: CVE-2021-31291: exiv2: A heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata</issue>
  <issue tracker="bnc" id="1068871">VUL-1: CVE-2017-1000128: exiv2: Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser</issue>
  <issue tracker="bnc" id="1186053">VUL-0: CVE-2021-29623: kdegraphics4,exiv2,libgexiv2: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.2</issue>
  <issue tracker="bnc" id="1188645">VUL-0: CVE-2020-19716: exiv2: A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).</issue>
  <issue tracker="bnc" id="1185447">VUL-0: CVE-2021-29470: exiv2: out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header</issue>
  <issue tracker="bnc" id="1189333">VUL-0: CVE-2021-37621: exiv2: DoS due to infinite loop in Image:printIFDStructure</issue>
  <issue tracker="bnc" id="1185002">VUL-0: CVE-2021-29457: exiv2: heap buffer overflow when write metadata into a crafted image file</issue>
  <issue tracker="bnc" id="1186192">VUL-0: CVE-2021-32617: exiv2: An inefficient algorithm (quadratic complexity) can cause a denial of service when run on a malicious crafted image file</issue>
  <issue tracker="bnc" id="1189332">VUL-1: CVE-2021-37620: exiv2: exiv2: out-of-bounds read in XmpTextValue:read()</issue>
  <issue tracker="bnc" id="1185218">GCC 11: exiv2 build fails on i586</issue>
  <issue tracker="bnc" id="1189334">VUL-0: CVE-2021-37622: exiv2: exiv2: DoS due to infinite loop in JpegBase:printStructure</issue>
  <issue tracker="bnc" id="1189338">VUL-0: CVE-2021-34334: exiv2: exiv2: DoS due to integer overflow in loop counter</issue>
  <issue tracker="bnc" id="1189335">VUL-0: CVE-2021-37623: exiv2: exiv2: DoS due to infinite loop in JpegBase:printStructure</issue>
  <issue tracker="bnc" id="1185913">VUL-0: CVE-2021-29463: exiv2,kdegraphics4,libgexiv2: An out-of-bounds read was found in webpimage.cpp</issue>
  <issue tracker="bnc" id="1142679">VUL-1: CVE-2019-13111: exiv2: integer overflow in WebPImage:decodeChunks leads to denial of service</issue>
  <issue tracker="cve" id="2017-1000128"/>
  <issue tracker="cve" id="2019-13108"/>
  <issue tracker="cve" id="2020-19716"/>
  <issue tracker="cve" id="2021-29457"/>
  <issue tracker="cve" id="2021-29470"/>
  <issue tracker="cve" id="2021-29623"/>
  <issue tracker="cve" id="2021-31291"/>
  <issue tracker="cve" id="2021-32617"/>
  <issue tracker="cve" id="2021-37620"/>
  <issue tracker="cve" id="2021-37621"/>
  <issue tracker="cve" id="2021-37622"/>
  <issue tracker="cve" id="2021-37623"/>
  <issue tracker="cve" id="2021-34334"/>
  <issue tracker="cve" id="2021-29463"/>
  <issue tracker="cve" id="2019-13111"/>
  <issue tracker="jsc" id="PED-1393"/>
  <packager>dirkmueller</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for exiv2</summary>
  <description>This update for exiv2 fixes the following issues:

Updated to version 0.27.5 (jsc#PED-1393):

- CVE-2017-1000128: Fixed stack out of bounds read in JPEG2000 parser (bsc#1068871).
- CVE-2019-13108: Fixed integer overflow in PngImage:readMetadata (bsc#1142675).
- CVE-2020-19716: Fixed buffer overflow vulnerability in the Databuf function in types.cpp (bsc#1188645).
- CVE-2021-29457: Fixed heap buffer overflow when writing metadata into a crafted image file (bsc#1185002).
- CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447).
- CVE-2021-29623: Fixed read of uninitialized memory (bsc#1186053).
- CVE-2021-31291: Fixed heap-based buffer overflow in jp2image.cpp (bsc#1188733).
- CVE-2021-32617: Fixed denial of service due to inefficient algorithm (bsc#1186192).
- CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332).
- CVE-2021-37621: Fixed DoS due to infinite loop in Image:printIFDStructure (bsc#1189333).
- CVE-2021-37622: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189334).
- CVE-2021-34334: Fixed DoS due to integer overflow in loop counter (bsc#1189338).
- CVE-2021-37623: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189335).
- CVE-2021-29463: Fixed out-of-bounds read in webpimage.cpp (bsc#1185913).
- CVE-2019-13111: Fixed integer overflow in WebPImage:decodeChunks that led to denial of service (bsc#1142679).

Bugfixes:

- Fixed build using GCC 11 (bsc#1185218).

A new libexiv2-2_27 shared library is shipped; libexiv2-2_26 is now provided only for compatibility.

Please recompile your applications using the exiv2 library.

</description>
</patchinfo>