Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 41: Exiv2 Low Severity ABI Issues CVE-2025-54080 and CVE-2025-55304

fedora
Calendar Grey September 4, 2025
Dist Fedora Esm H88
To tackle minor bugs in Exiv2 version 0.28.6 and enhance metadata reliability in Fedora 41, implement these effective strategies for improvement
Exiv2 0.28.6 + patch to fix silent abi breakage Exiv2 v0.28.6 (Fixes two low severity CVEs)

Summary

A command line utility to access image metadata, allowing one to:

* print the Exif metadata of Jpeg images as summary info, interpreted values,

or the plain data for each tag

* print the Iptc metadata of Jpeg images

* print the Jpeg comment of Jpeg images

* set, add and delete Exif and Iptc metadata of Jpeg images

* adjust the Exif timestamp (that's how it all started...)

* rename Exif image files according to the Exif timestamp

* extract, insert and delete Exif metadata (including thumbnails),

Iptc metadata and Jpeg comments

Update Information:

Exiv2 0.28.6 + patch to fix silent abi breakage Exiv2 v0.28.6 (Fixes two low severity CVEs)

Topics%20covered

Topics Covered

security advisory fedora low performance issue exiv2 ABI fix

Change Log

* Sun Aug 31 2025 Steve Cossette - 0.28.6-2 - Make methods non-virtual (Fix for a silent ABI change introduced in 0.28.6) * Fri Aug 29 2025 Steve Cossette - 0.28.6-1 - 0.28.6 * Wed Jul 23 2025 Fedora Release Engineering - 0.28.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2391815 - CVE-2025-54080 exiv2: Exiv2 Segmentation Faults [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2391815 [ 2 ] Bug #2391836 - CVE-2025-55304 exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2391836 [ 3 ] Bug #2391902 - exiv2-0.28.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=2391902

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e1ae3d4ed9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
low
Lowest
Low
Medium
High
Critical

Name: exiv2
Product: Fedora 41
Version: 0.28.6
Release: 2.fc41
URL: https://exiv2.org/
Summary: Exif, IPTC and XMP metadata manipulation library

Topics%20covered

Topics Covered

security advisory fedora low performance issue exiv2 ABI fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here