exiv2-0.27.3 security fixes.
Today on lwn.net I noticed that Fedora had patched exiv2 for 5 CVEs (two heap-based buffer overflows, three out-of-bounds reads). NVD rates three as medium, one as low, but one as high - both the low and the high severity require writing the metadata, which is not a common operation.
The patches have been applied to the 0.27 maintenance branch, but although at least one of the CVEs said it has been fixed in 0.27.4, that has not yet been released.