MGASA-2021-0240
- Source
- https://advisories.mageia.org/MGASA-2021-0240.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0240.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2021-0240
- Related
- Published
- 2021-06-08T16:46:03Z
- Modified
- 2021-06-08T15:36:51Z
- Summary
- Updated exiv2 packages fix security vulnerabilities
- Details
-
The updated packages fix security vulnerabilities:
Heap-based buffer overflow in Jp2Image::readMetadata(). (CVE-2021-3482)
Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29457)
Out-of-bounds read in Exiv2::Internal::CrwMap::encode. (CVE-2021-29458)
Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-29463)
Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-29464)
Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header. (CVE-2021-29470)
Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29473)
Read of uninitialized memory may lead to information leak. (CVE-2021-29623)
DoS due to quadratic complexity in ProcessUTF8Portion. (CVE-2021-32617)
- References
-
- https://advisories.mageia.org/MGASA-2021-0240.html
- https://bugs.mageia.org/show_bug.cgi?id=29008
- https://ubuntu.com/security/notices/USN-4941-1
- https://ubuntu.com/security/notices/USN-4964-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / exiv2
Package
- Name
- exiv2
- Purl
- pkg:rpm/mageia/exiv2?distro=mageia-8
Mageia:7 / exiv2
Package
- Name
- exiv2
- Purl
- pkg:rpm/mageia/exiv2?distro=mageia-7