UbuntuUpdates.org

Package "exiv2"

Name: exiv2

Description:

EXIF/IPTC/XMP metadata manipulation tool

Latest version: 0.25-4ubuntu2.2
Release: eoan (19.10)
Level: security
Repository: universe
Homepage: http://www.exiv2.org

Links


Download "exiv2"


Other versions of "exiv2" in Eoan

Repository Area Version
base universe 0.25-4ubuntu2
base main 0.25-4ubuntu2
security main 0.25-4ubuntu2.2
updates main 0.25-4ubuntu2.2
updates universe 0.25-4ubuntu2.2

Changelog

Version: 0.25-4ubuntu2.2 2020-02-05 20:06:58 UTC

  exiv2 (0.25-4ubuntu2.2) eoan-security; urgency=medium

   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop
       in src/jp2image.cpp.
     - CVE-2019-20421

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 13:49:27 -0300

Source diff to previous version
CVE-2019-20421 In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote

Version: 0.25-4ubuntu2.1 2019-10-21 16:07:09 UTC

  exiv2 (0.25-4ubuntu2.1) eoan-security; urgency=medium

   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-17402.patch: check offset and size
       against total size in src/crwimage.cpp.
     - CVE-2019-17402

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 18 Oct 2019 09:53:38 -0300

CVE-2019-17402 Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in cr



About   -   Send Feedback to @ubuntu_updates