MGASA-2021-0240

Source
https://advisories.mageia.org/MGASA-2021-0240.html
Import Source
https://advisories.mageia.org/MGASA-2021-0240.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2021-0240
Published
2021-06-08T16:46:03Z
Modified
2021-06-08T15:36:51Z
Summary
Updated exiv2 packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities:

Heap-based buffer overflow in Jp2Image::readMetadata(). (CVE-2021-3482)

Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29457)

Out-of-bounds read in Exiv2::Internal::CrwMap::encode. (CVE-2021-29458)

Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-29463)

Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-29464)

Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header. (CVE-2021-29470)

Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29473)

Read of uninitialized memory may lead to information leak. (CVE-2021-29623)

DoS due to quadratic complexity in ProcessUTF8Portion. (CVE-2021-32617)


Affected packages