USN-5043-1 fixed vulnerabilities in Exiv2. The update introduced a new regression that could cause a crash in applications using libexiv2. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-37620)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "exiv2", "binary_version": "0.27.2-8ubuntu2.7" }, { "binary_name": "exiv2-dbgsym", "binary_version": "0.27.2-8ubuntu2.7" }, { "binary_name": "libexiv2-27", "binary_version": "0.27.2-8ubuntu2.7" }, { "binary_name": "libexiv2-27-dbgsym", "binary_version": "0.27.2-8ubuntu2.7" }, { "binary_name": "libexiv2-dev", "binary_version": "0.27.2-8ubuntu2.7" }, { "binary_name": "libexiv2-doc", "binary_version": "0.27.2-8ubuntu2.7" } ] }