Summary: | <media-gfx/exiv2-0.27.5: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+] | ||
Package list: |
media-gfx/exiv2-0.27.5-r1
|
Runtime testing required: | --- |
Bug Depends on: | 822198 | ||
Bug Blocks: |
Description
Sam James
2021-08-09 23:01:31 UTC
CVE-2020-18899: An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. CVE-2020-18773 (https://github.com/Exiv2/exiv2/issues/760 (closed as invalid)): An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. CVE-2020-18774 (https://github.com/Exiv2/exiv2/issues/759 (closed as invalid)): A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. CVE-2020-18771 (https://github.com/Exiv2/exiv2/issues/756): Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. Patch: https://github.com/Exiv2/exiv2/commit/b148cfaa1ab1a6a0ce8eb90d3b18b660a7620a34 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c259f26d5d9450bcd67574a55405a7a8ab807945 commit c259f26d5d9450bcd67574a55405a7a8ab807945 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-10-22 08:50:49 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-10-22 08:50:49 +0000 media-gfx/exiv2: add 0.27.5 Bug: https://bugs.gentoo.org/807346 Signed-off-by: Sam James <sam@gentoo.org> media-gfx/exiv2/Manifest | 1 + media-gfx/exiv2/exiv2-0.27.5.ebuild | 112 ++++++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+) Please remember we're no longer doing stabilizations directly in security bugs. Keywords are not fully specified and arches are not CC-ed for the following packages: - =media-gfx/exiv2-0.27.5-r1 Please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8034036cc6039af965de8da3d0439c88e407371b commit 8034036cc6039af965de8da3d0439c88e407371b Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2021-11-10 10:44:48 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2021-11-10 10:44:48 +0000 media-gfx/exiv2: Cleanup vulnerable 0.27.4-r2 Bug: https://bugs.gentoo.org/807346 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> media-gfx/exiv2/Manifest | 1 - media-gfx/exiv2/exiv2-0.27.4-r2.ebuild | 116 --------------------- .../exiv2/files/exiv2-0.27.4-gtest-1.11.patch | 32 ------ 3 files changed, 149 deletions(-) kde proj job done. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=ac054647254eb13d0b84b78ceab28ba69d92c404 commit ac054647254eb13d0b84b78ceab28ba69d92c404 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-12-22 09:22:44 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-12-22 09:23:49 +0000 [ GLSA 202312-06 ] Exiv2: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/785646 Bug: https://bugs.gentoo.org/807346 Bug: https://bugs.gentoo.org/917650 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202312-06.xml | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) |