UbuntuUpdates.org

Package "libexiv2-14"

Name: libexiv2-14

Description:

EXIF/IPTC/XMP metadata manipulation library

Latest version: 0.25-3.1ubuntu0.18.04.11
Release: bionic (18.04)
Level: updates
Repository: main
Head package: exiv2
Homepage: http://www.exiv2.org

Other versions of "libexiv2-14" in Bionic

Repository Area Version
base main 0.25-3.1
security main 0.25-3.1ubuntu0.18.04.11

Changelog

Version: 0.25-3.1ubuntu0.18.04.11 2021-08-17 20:06:18 UTC

  exiv2 (0.25-3.1ubuntu0.18.04.11) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-32815-*.patch: adds a check of sizes and
      adds message prints for DEBUG flags in
      src/crwimage_int.cpp.
    - CVE-2021-32815
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-34334-*.patch: adds
      an extra check to prevent the loop counter from wrapping around in
      crwimage.cpp; changes type of escapeStart to size_t in src/exiv2.cpp.
    - CVE-2021-34334
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-37620-*.patch:
      checks that type isn't an empty string in src/values.cpp and
      adds safer vector indexing in multiple files in src/*.
    - CVE-2021-37620
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2021-37622-*.patch: makes sure
      that read is complete to prevent infinite loop and removes redundant
      check in src/jpgimage.cpp.
    - CVE-2021-37622
  * debian/patches/fix_enforce_include.patch: includes enforce in
    crwimage.cpp.

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 16 Aug 2021 12:16:38 -0300

CVE-2021-32815 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is t
CVE-2021-34334 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is trigge
CVE-2021-37620 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was
CVE-2021-37622 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found

Version: 0.25-3.1ubuntu0.18.04.10 2021-08-02 19:06:24 UTC

  exiv2 (0.25-3.1ubuntu0.18.04.10) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit
      and throw exception in case box is broken in src/jp2image.cpp.
    - CVE-2021-31291

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jul 2021 14:45:08 -0300

CVE-2021-31291 A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS) via crafted metadata.

Version: 0.25-3.1ubuntu0.18.04.9 2021-05-25 16:06:23 UTC

  exiv2 (0.25-3.1ubuntu0.18.04.9) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-29473.patch: Add bounds check in
      Jp2Image::doWriteMetadata() in src/jp2image.cpp.
    - CVE-2021-29473
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
      in xmpsdk/src/XMPMeta-Parse.cpp.
    - CVE-2021-32617

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 May 2021 12:10:13 -0300

CVE-2021-29473 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was
CVE-2021-32617 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (

Version: 0.25-3.1ubuntu0.18.04.7 2021-05-10 20:07:26 UTC

  exiv2 (0.25-3.1ubuntu0.18.04.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow
    - debian/patches/CVE-2021-3482.patch: fix buffer overflow
      in src/jp2image.cpp.
    - CVE-2021-3482
  * SECURITY UPDATE: An out of buffer access
    - debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp
      (LP: #1923479)
    - CVE-2021-29457
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp
      (LP: #1923479)
    - CVE-2021-29458

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 13 Apr 2021 13:24:50 -0300

1923479 out of buffer access and Integer overflow in Exiv2
CVE-2021-3482 A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetada
CVE-2021-29457 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was
CVE-2021-29458 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was

Version: 0.25-3.1ubuntu0.18.04.5 2020-02-05 20:06:56 UTC

  exiv2 (0.25-3.1ubuntu0.18.04.5) bionic-security; urgency=medium

   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop
       in src/jp2image.cpp.
     - CVE-2019-20421

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 12:37:33 -0300

CVE-2019-20421 In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote
