MGASA-2021-0240 - Updated exiv2 packages fix security vulnerabilities Publication date: 08 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0240.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-3482, CVE-2021-29457, CVE-2021-29458, CVE-2021-29463, CVE-2021-29464, CVE-2021-29470, CVE-2021-29473, CVE-2021-29623, CVE-2021-32617 The updated packages fix security vulnerabilities: Heap-based buffer overflow in Jp2Image::readMetadata(). (CVE-2021-3482) Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29457) Out-of-bounds read in Exiv2::Internal::CrwMap::encode. (CVE-2021-29458) Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-29463) Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-29464) Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header. (CVE-2021-29470) Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29473) Read of uninitialized memory may lead to information leak. (CVE-2021-29623) DoS due to quadratic complexity in ProcessUTF8Portion. (CVE-2021-32617) References: - https://bugs.mageia.org/show_bug.cgi?id=29008 - https://ubuntu.com/security/notices/USN-4941-1 - https://ubuntu.com/security/notices/USN-4964-1 - https://lists.fedoraproject.org/archives/list/[email protected]/thread/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/ - https://lists.fedoraproject.org/archives/list/[email protected]/thread/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29623 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32617 SRPMS: - 7/core/exiv2-0.27.1-3.5.mga7 - 8/core/exiv2-0.27.3-1.1.mga8