Fedora 34 Exiv2: 2021-10d7331a31 Critical Buffer Overflow

fedora
May 3, 2021
Essential Exiv2 upgrade for Fedora 34 addresses several vulnerabilities. Safeguard your system promptly with this update.
Exiv2 update fixing security issues.

Summary

A command line utility to access image metadata, allowing one to:

* print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag

* print the Iptc metadata of Jpeg images

* print the Jpeg comment of Jpeg images

* set, add and delete Exif and Iptc metadata of Jpeg images

* adjust the Exif timestamp (that's how it all started...)

* rename Exif image files according to the Exif timestamp

* extract, insert and delete Exif metadata (including thumbnails), Iptc metadata and Jpeg comments

* Thu Apr 29 2021 Jan Grulich - 0.27.3-6

- CVE-2021-3482: Fix heap-based buffer overflow in Jp2Image::readMetadata()

CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode

CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata

CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header

CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata

[ 1 ] Bug #1946315 - CVE-2021-3482 exiv2: heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1946315

[ 2 ] Bug #1952608 - CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1952608

[ 3 ] Bug #1952613 - CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1952613

[ 4 ] Bug #1953709 - CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1953709

[ 5 ] Bug #1954066 - CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1954066

Use su -c 'dnf upgrade --advisory FEDORA-2021-10d7331a31' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Severity: Critical

Product: Fedora 34
Version: 0.27.3
Release: 6.fc34
Summary: Exif and Iptc metadata manipulation library
