#15199 closed enhancement (fixed)
exiv2-0.27.4
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
Didn't show up on the currency script, just noticed it over on Arch
Change History (6)
comment:1 by , 3 years ago
comment:2 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Alright cool, I'll go get this in
comment:3 by , 3 years ago
| Priority: | normal → elevated |
|---|
Exiv2 v0.27.4 Features
bmff support (.CR3, .AVIF, .HEIC, .HIF, .JXL/bmff) files.
Rewrite 0.27 bash test scripts in python.
Support for Exif 2.32 and DNG 1.6.
Crowdin Localisation Support
Completion of Image Metadata and Exiv2 Architecture https://clanmills.com/exiv2/book/
Improved documentation.
Various minor bugs and fixes.
RC3 issued to deal with 12 security issues. After 18 months without a CVE, we were attacked between RC2 and GM.
Security policy defined and published on GitHub.
Marking elevated due to security fixes
comment:4 by , 3 years ago
Borrowed from Arch (https://security.archlinux.org/package/exiv2):
CVE-2021-32617 AVG-1772 Low Yes Denial of service An inefficient algorithm (quadratic complexity) was found in Exiv2 before version 0.27.4. The inefficient algorithm is triggered when Exiv2 is used to write... CVE-2021-29623 AVG-1772 Low Yes Information disclosure A read of uninitialized memory was found in Exiv2 before version 0.27.4. The read of uninitialized memory is triggered when Exiv2 is used to read the... CVE-2021-29473 AVG-1772 Low Yes Denial of service An out-of-bounds read was found in Exiv2 before version 0.27.4. An attacker could potentially exploit the vulnerability to cause a denial of service by... CVE-2021-29470 AVG-1772 Low Yes Denial of service An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted... CVE-2021-29464 AVG-1772 Low Yes Arbitrary code execution A heap buffer overflow was found in Exiv2 before version 0.27.4. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image... CVE-2021-29463 AVG-1772 Low Yes Denial of service An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted... CVE-2021-29458 AVG-1772 Low Yes Denial of service An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted... CVE-2021-29457 AVG-1772 Low Yes Arbitrary code execution A heap buffer overflow was found in Exiv2 before version 0.27.4. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image... CVE-2021-3482 AVG-1772 Low Yes Arbitrary code execution A security issue was found in Exiv2 in versions before version 0.27.4. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in...
I'll file an SA after I'm done with submitting this update
comment:5 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
I fixed the currency script for exiv2.