File _patchinfo of Package patchinfo.26165
<patchinfo incident="26165">
<issue tracker="cve" id="2018-10772"/>
<issue tracker="cve" id="2018-18915"/>
<issue tracker="cve" id="2018-5772"/>
<issue tracker="cve" id="2018-8976"/>
<issue tracker="cve" id="2018-8977"/>
<issue tracker="cve" id="2020-18898"/>
<issue tracker="cve" id="2020-18899"/>
<issue tracker="cve" id="2021-29470"/>
<issue tracker="cve" id="2021-31291"/>
<issue tracker="cve" id="2021-31292"/>
<issue tracker="cve" id="2021-32617"/>
<issue tracker="cve" id="2021-37618"/>
<issue tracker="cve" id="2021-37619"/>
<issue tracker="cve" id="2021-37620"/>
<issue tracker="cve" id="2021-37621"/>
<issue tracker="bnc" id="1189333">VUL-0: CVE-2021-37621: exiv2: DoS due to infinite loop in Image:printIFDStructure</issue>
<issue tracker="bnc" id="1186192">VUL-0: CVE-2021-32617: exiv2: An inefficient algorithm (quadratic complexity) can cause a denial of service when run on a malicious crafted image file</issue>
<issue tracker="bnc" id="1185447">VUL-0: CVE-2021-29470: exiv2: out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header</issue>
<issue tracker="bnc" id="1189332">VUL-1: CVE-2021-37620: exiv2: out-of-bounds read in XmpTextValue:read()</issue>
<issue tracker="bnc" id="1189331">VUL-1: CVE-2021-37619: exiv2: out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header</issue>
<issue tracker="bnc" id="1189780">VUL-1: CVE-2020-18898: exiv2: A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.</issue>
<issue tracker="bnc" id="1086798">VUL-1: CVE-2018-8977: exiv2: The Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.</issue>
<issue tracker="bnc" id="1076579">VUL-0: CVE-2018-5772: exiv2: In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a</issue>
<issue tracker="bnc" id="1188756">VUL-1: CVE-2021-31292: exiv2: An integer overflow in CrwMap:encode0x1810 allows attackers to trigger a heap-based buffer overflow and cause a denial of service via crafted metadata.</issue>
<issue tracker="bnc" id="1114690">VUL-1: CVE-2018-18915: exiv2: There is an infinite loop in the Exiv2:Image:printIFDStructure function, which will lead to a denial of service.</issue>
<issue tracker="bnc" id="1188733">VUL-0: CVE-2021-31291: exiv2: A heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata</issue>
<issue tracker="bnc" id="1086810">VUL-1: CVE-2018-8976: exiv2: jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.</issue>
<issue tracker="bnc" id="1189330">VUL-1: CVE-2021-37618: exiv2: out-of-bounds read in Exiv2:Jp2Image:printStructure</issue>
<issue tracker="bnc" id="1189636">VUL-0: CVE-2020-18899: exiv2: An uncontrolled memory allocation in Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input</issue>
<issue tracker="bnc" id="1092096">VUL-1: exiv2: There is a Segmentation fault when the function Exiv2::tEXtToDataBuf() is finished</issue>
<packager>dirkmueller</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for exiv2</summary>
<description>This update for exiv2 fixes the following issues:
- CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure (bsc#1189333).
- CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332).
- CVE-2021-37619: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1189331).
- CVE-2021-37618: Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure (bsc#1189330).
- CVE-2021-32617: Fixed denial of service caused by an inefficient algorithm (quadratic complexity) (bsc#1186192).
- CVE-2021-31292: Fixed integer overflow in CrwMap:encode0x1810 (bsc#1188756).
- CVE-2021-31291: Fixed heap-based buffer overflow vulnerability in jp2image.cpp that may lead to a denial of service (bsc#1188733).
- CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447).
- CVE-2020-18899: Fixed uncontrolled memory allocation (bsc#1189636).
- CVE-2020-18898: Fixed remote denial of service in printIFDStructure function (bsc#1189780).
- CVE-2018-8977: Fixed remote denial of service in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (bsc#1086798).
- CVE-2018-8976: Fixed remote denial of service in image.cpp Exiv2::Internal::stringFormat via out-of-bounds read (bsc#1086810).
- CVE-2018-5772: Fixed segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure (bsc#1076579).
- CVE-2018-18915: Fixed an infinite loop in the Exiv2:Image:printIFDStructure function (bsc#1114690).
- CVE-2018-10772: Fixed segmentation fault when the function Exiv2::tEXtToDataBuf() is finished (bsc#1092096).
</description>
</patchinfo>