OESA-2022-2063

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2063
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-2063.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2022-2063
Upstream
  • CVE-2022-3756
Published
2022-11-11T11:04:33Z
Modified
2025-09-03T06:18:24.528420Z
Summary
exiv2 security update
Details

Exiv2 is a cross-platform C++ library and command-line utility for managing image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats.

Security Fix(es):

A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. (CVE-2022-3756)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / exiv2

Package

Name
exiv2
Purl
pkg:rpm/openEuler/exiv2&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.27.5-2.oe1

Ecosystem specific

{
    "src": [
        "exiv2-0.27.5-2.oe1.src.rpm"
    ],
    "aarch64": [
        "exiv2-debugsource-0.27.5-2.oe1.aarch64.rpm",
        "exiv2-debuginfo-0.27.5-2.oe1.aarch64.rpm",
        "exiv2-0.27.5-2.oe1.aarch64.rpm",
        "exiv2-devel-0.27.5-2.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "exiv2-debuginfo-0.27.5-2.oe1.x86_64.rpm",
        "exiv2-0.27.5-2.oe1.x86_64.rpm",
        "exiv2-devel-0.27.5-2.oe1.x86_64.rpm",
        "exiv2-debugsource-0.27.5-2.oe1.x86_64.rpm"
    ],
    "noarch": [
        "exiv2-help-0.27.5-2.oe1.noarch.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2022-2063.json"

openEuler:20.03-LTS-SP3 / exiv2

Package

Name
exiv2
Purl
pkg:rpm/openEuler/exiv2&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.27.5-2.oe1

Ecosystem specific

{
    "src": [
        "exiv2-0.27.5-2.oe1.src.rpm"
    ],
    "aarch64": [
        "exiv2-debuginfo-0.27.5-2.oe1.aarch64.rpm",
        "exiv2-devel-0.27.5-2.oe1.aarch64.rpm",
        "exiv2-0.27.5-2.oe1.aarch64.rpm",
        "exiv2-debugsource-0.27.5-2.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "exiv2-devel-0.27.5-2.oe1.x86_64.rpm",
        "exiv2-debugsource-0.27.5-2.oe1.x86_64.rpm",
        "exiv2-debuginfo-0.27.5-2.oe1.x86_64.rpm",
        "exiv2-0.27.5-2.oe1.x86_64.rpm"
    ],
    "noarch": [
        "exiv2-help-0.27.5-2.oe1.noarch.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2022-2063.json"

openEuler:22.03-LTS / exiv2

Package

Name
exiv2
Purl
pkg:rpm/openEuler/exiv2&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.27.5-3.oe2203

Ecosystem specific

{
    "src": [
        "exiv2-0.27.5-3.oe2203.src.rpm"
    ],
    "aarch64": [
        "exiv2-debuginfo-0.27.5-3.oe2203.aarch64.rpm",
        "exiv2-devel-0.27.5-3.oe2203.aarch64.rpm",
        "exiv2-debugsource-0.27.5-3.oe2203.aarch64.rpm",
        "exiv2-0.27.5-3.oe2203.aarch64.rpm"
    ],
    "x86_64": [
        "exiv2-debuginfo-0.27.5-3.oe2203.x86_64.rpm",
        "exiv2-debugsource-0.27.5-3.oe2203.x86_64.rpm",
        "exiv2-devel-0.27.5-3.oe2203.x86_64.rpm",
        "exiv2-0.27.5-3.oe2203.x86_64.rpm"
    ],
    "noarch": [
        "exiv2-help-0.27.5-3.oe2203.noarch.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2022-2063.json"