SUSE-SU-2022:3598-1 -- SLES exiv2, libexiv2-26, libexiv2-devel
ID: oval:org.secpod.oval:def:89047052 | Date: (C)2022-10-18 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for exiv2 fixes the following issues:
- CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure.
- CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read.
- CVE-2021-37619: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header.
- CVE-2021-37618: Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure.
- CVE-2021-32617: Fixed denial of service inside inefficient algorithm.
- CVE-2021-31292: Fixed integer overflow in CrwMap:encode0x1810.
- CVE-2021-29457: Fixed heap-based buffer overflow vulnerability in jp2image.cpp that may lead to a denial of service.
- CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header.
- CVE-2020-18899: Fixed uncontrolled memory allocation.
- CVE-2020-18898: Fixed remote denial of service in printIFDStructure function.
- CVE-2018-8977: Fixed remote denial of service in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp.
- CVE-2018-8976: Fixed remote denial of service in image.cpp Exiv2::Internal::stringFormat via out-of-bounds read.
- CVE-2018-5772: Fixed segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure.
- CVE-2018-18915: Fixed an infinite loop in the Exiv2:Image:printIFDStructure function.
- CVE-2018-10772: Fixed segmentation fault when the function Exiv2::tEXtToDataBuf is finished.
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Server 15 SP1 |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Desktop 15 SP3 |
Product: |
exiv2 |
libexiv2-26 |
libexiv2-devel |