CVE-2014-9449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9449): Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.
Fedora is applying this patch already: http://pkgs.fedoraproject.org/cgit/exiv2.git/plain/exiv2-0.24-CVE-2014-9449.patch
*** Bug 526042 has been marked as a duplicate of this bug. ***
(In reply to Pacho Ramos from comment #1)
> Fedora is applying this patch already:
> http://pkgs.fedoraproject.org/cgit/exiv2.git/plain/exiv2-0.24-CVE-2014-9449.patch
Thanks.
+ + 20 Jan 2015; Johannes Huber <johu@gentoo.org> +exiv2-0.24-r1.ebuild, + +files/exiv2-0.24-CVE-2014-9449.patch: + Revision bump adds patch from fedora to fix CVE-2014-9449, bug #534608. Thanks + to Pacho Ramos <pacho@gentoo.org> for spotting the patch. +
Arches please stabilize =media-gfx/exiv2-0.24-r1
amd64 stable
x86 stable
Stable for HPPA.
alpha stable
arm stable
ppc stable
sparc stable
ppc64 stable
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Maintainer(s), Thank you for cleanup. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
Cleanup done by Manuel. Removing maintainer from cc then.
+ + 30 May 2015; Manuel Rüger <mrueg@gentoo.org> -exiv2-0.23-r1.ebuild, + -exiv2-0.23-r2.ebuild, -exiv2-0.24.ebuild: + Remove old. +
Maintainer(s), Thank you for cleanup.
This issue was resolved and addressed in GLSA 201507-03 at https://security.gentoo.org/glsa/201507-03 by GLSA coordinator Mikle Kolyada (Zlogene).