UbuntuUpdates.org

Package "exiv2"

Name: exiv2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • EXIF/IPTC/XMP metadata manipulation library
  • EXIF/IPTC/XMP metadata manipulation library - development files
  • EXIF/IPTC/XMP metadata manipulation library - HTML documentation

Latest version: 0.25-4ubuntu0.1
Release: cosmic (18.10)
Level: security
Repository: main

Links

Save this URL for the latest version of "exiv2": https://www.ubuntuupdates.org/exiv2



Other versions of "exiv2" in Cosmic

Repository Area Version
base universe 0.25-4
base main 0.25-4
security universe 0.25-4ubuntu0.1
updates main 0.25-4ubuntu0.1
updates universe 0.25-4ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.25-4ubuntu0.1 2019-01-10 17:06:55 UTC

  exiv2 (0.25-4ubuntu0.1) cosmic-security; urgency=medium

   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2017-11591.patch: fix in
       include/exiv2/value.hpp.
     - CVE-2017-11591
   * SECURITY UPDATE: Remote denial of service
     - debian/patches/CVE-2017-11683.patch: fix in
       src/tiffvisitor.cpp.
     - CVE-2017-11683
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2017-14859_14862_14864.patch: fix in
       src/error.cpp, src/tiffvisitor.cpp.
     - CVE-2017-14859
     - CVE-2017-14862
     - CVE-2017-14864
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2017-17669.patch: fix in
       src/pngchunk.cpp.
     - CVE-2017-17669
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2018-17581.patch: fix in
       src/crwimage.cpp.
     - CVE-2018-17581
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-16336*.patch: fix in
       src/pngchunk.cpp.
     - CVE-2018-16336
  * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 09 Jan 2019 10:55:29 -0300

CVE-2017-11591 There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted in
CVE-2017-11683 There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denia
CVE-2017-14859 An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentat
CVE-2017-14862 An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fa
CVE-2017-14864 An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and
CVE-2017-17669 There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file w
CVE-2018-17581 CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of se
CVE-2018-16336 Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a craf
CVE-2018-10958 In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUnc



About   -   Send Feedback to @ubuntu_updates