Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 43: exiv2 Low ABI Breakage Fix CVE-2025-54080 2025-c23727e694

fedora
Calendar Grey September 16, 2025
Dist Fedora Esm H88
The latest update to Exiv2 for Fedora 43 addresses minor vulnerabilities, resolving segmentation faults and introducing performance improvements.
Exiv2 0.28.6 + patch to fix silent abi breakage Exiv2 v0.28.6 (Fixes two low severity CVEs)

Summary

A command line utility to access image metadata, allowing one to:

* print the Exif metadata of Jpeg images as summary info, interpreted values,

or the plain data for each tag

* print the Iptc metadata of Jpeg images

* print the Jpeg comment of Jpeg images

* set, add and delete Exif and Iptc metadata of Jpeg images

* adjust the Exif timestamp (that's how it all started...)

* rename Exif image files according to the Exif timestamp

* extract, insert and delete Exif metadata (including thumbnails),

Iptc metadata and Jpeg comments

Update Information:

Exiv2 0.28.6 + patch to fix silent abi breakage Exiv2 v0.28.6 (Fixes two low severity CVEs)

Topics%20covered

Topics Covered

security advisory fedora segmentation fault low exiv2 image metadata

Change Log

* Sun Aug 31 2025 Steve Cossette - 0.28.6-2 - Make methods non-virtual (Fix for a silent ABI change introduced in 0.28.6) * Fri Aug 29 2025 Steve Cossette - 0.28.6-1 - 0.28.6

References


[ 1 ] Bug #2391817 - CVE-2025-54080 exiv2: Exiv2 Segmentation Faults [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2391817 [ 2 ] Bug #2391838 - CVE-2025-55304 exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2391838 [ 3 ] Bug #2391902 - exiv2-0.28.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=2391902 [ 4 ] Bug #2391935 - FE: Exiv2 v0.28.6 https://bugzilla.redhat.com/show_bug.cgi?id=2391935

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c23727e694' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
low
Lowest
Low
Medium
High
Critical

Name: exiv2
Product: Fedora 43
Version: 0.28.6
Release: 2.fc43
URL: https://exiv2.org/
Summary: Exif, IPTC and XMP metadata manipulation library

Topics%20covered

Topics Covered

security advisory fedora segmentation fault low exiv2 image metadata

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here