SUSE-SU-2022:4208-1 -- SLES libexiv2-26ID: oval:org.secpod.oval:def:89047949 | Date: (C)2022-11-25 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for exiv2-0_26 fixes the following issues: - CVE-2019-17402: Fixed improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp . - CVE-2018-20098: Fixed a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header . - CVE-2018-17581: Fixed an excessive stack consumption CiffDirectory:readDirectory at crwimage_int.cpp . - CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header . - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu . - CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType . - CVE-2018-11531: Fixed a heap-based buffer overflow in getData in preview.cpp . - CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp . - CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata . - CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata . - CVE-2019-13110: Fixed an integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denail of service .
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |