
Fedora: FEDORA-2019-60553d5a18 Critical: exiv2 Denial Of Service Advisory

August 8, 2019
Important security notice regarding exiv2 in Fedora. Several denial-of-service vulnerabilities have been fixed. Ensure your systems are updated promptly.
New upstream bugfix and security release.

Summary

A command line utility to access image metadata, allowing one to:

* print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag

* print the Iptc metadata of Jpeg images

* print the Jpeg comment of Jpeg images

* set, add and delete Exif and Iptc metadata of Jpeg images

* adjust the Exif timestamp (that's how it all started...)

* rename Exif image files according to the Exif timestamp

* extract, insert and delete Exif metadata (including thumbnails), Iptc metadata and Jpeg comments

New upstream bugfix and security release.

* Mon Jul 29 2019 Rex Dieter - 0.27.2-1

- 0.27.2

* Thu Jul 25 2019 Fedora Release Engineering - 0.27.2-0.2.RC2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Tue Jul 16 2019 Rex Dieter - 0.27.2-0.1.RC2

- 0.27.2-RC2 (#1720353)

* Fri Apr 26 2019 Rex Dieter - 0.27.1-1

- exiv-0.27.1 (#1696117)

[ 1 ] Bug #1728481 - CVE-2019-13108 exiv2: integer overflow PngImage::readMetadata leads to denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1728481

[ 2 ] Bug #1728484 - CVE-2019-13109 exiv2: denial of service in PngImage::readMetadata

https://bugzilla.redhat.com/show_bug.cgi?id=1728484

[ 3 ] Bug #1728486 - CVE-2019-13110 exiv2: integer-overflow and out-of-bounds read in CiffDirectory::readDirectory leads to denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1728486

[ 4 ] Bug #1728488 - CVE-2019-13111 exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1728488

[ 5 ] Bug #1728490 - CVE-2019-13112 exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1728490

[ 6 ] Bug #1728492 - CVE-2019-13113 exiv2: invalid data location in CRW image file causing denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1728492

[ 7 ] Bug #1728494 - CVE-2019-13114 exiv2: null-pointer dereference in http.c causing denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1728494

Use su -c 'dnf upgrade --advisory FEDORA-2019-60553d5a18' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
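To confirm that a host actually carries the build this advisory ships (Version 0.27.2, Release 1.fc30), the following check can be run after the upgrade. It is an added example, not part of the Fedora announcement. The function names are hypothetical, and it assumes that GNU sort -V ordering is a close enough stand-in for RPM's own version comparison for the exiv2 builds listed in the changelog above.

```shell
#!/bin/sh
# Added example: compare an installed exiv2 build with the build named in
# advisory FEDORA-2019-60553d5a18 (Version 0.27.2, Release 1.fc30).
FIXED_EVR="0.27.2-1.fc30"

# evr_at_least INSTALLED FIXED: exit 0 when INSTALLED is the same as or newer
# than FIXED. Assumption: GNU `sort -V` approximates RPM version ordering.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# exiv2_status EVR: print "up-to-date" or "needs-update" for one build string.
exiv2_status() {
    if evr_at_least "$1" "$FIXED_EVR"; then
        echo "up-to-date"
    else
        echo "needs-update"
    fi
}

# check_host [PACKAGE]: query the local RPM database (default package: exiv2).
# Returns 0 if every installed build is current, 1 if any is older,
# 2 if rpm is not available on this host.
check_host() {
    pkg="${1:-exiv2}"
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    evrs=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$pkg") || {
        echo "$pkg is not installed"; return 0; }
    rc=0
    for evr in $evrs; do
        status=$(exiv2_status "$evr")
        echo "$pkg $evr: $status"
        [ "$status" = "up-to-date" ] || rc=1
    done
    return $rc
}

# Only touch the RPM database when asked to: ./check.sh --check-host [PACKAGE]
if [ "${1:-}" = "--check-host" ]; then
    check_host "${2:-exiv2}"
fi
```
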


Severity: Critical

Product: Fedora 30
Version: 0.27.2
Release: 1.fc30
Summary: Exif and Iptc metadata manipulation library
