
SUSE Linux Enterprise 15-SP4: 2022:3889-1 Important: Exiv2 Issues Resolved

November 7, 2022
SUSE Security Advisory: exiv2 update addresses high-severity problems such as buffer overflow risks and denial of service threats.
An update that solves 15 vulnerabilities, contains one feature and has one errata is now available.

Summary

This update for exiv2 fixes the following issues:

Updated to version 0.27.5 (jsc#PED-1393):

- CVE-2017-1000128: Fixed stack out of bounds read in JPEG2000 parser (bsc#1068871).
- CVE-2019-13108: Fixed integer overflow PngImage:readMetadata (bsc#1142675).
- CVE-2020-19716: Fixed buffer overflow vulnerability in the Databuf function in types.cpp (bsc#1188645).
- CVE-2021-29457: Fixed heap buffer overflow when write metadata into a crafted image file (bsc#1185002).
- CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447).
- CVE-2021-29623: Fixed read of uninitialized memory (bsc#1186053).
- CVE-2021-31291: Fixed heap-based buffer overflow in jp2image.cpp (bsc#1188733).
- CVE-2021-32617: Fixed denial of service due to inefficient algorithm (bsc#1186192).

References

#1068871 #1142675 #1142679 #1185002 #1185218
#1185447 #1185913 #1186053 #1186192 #1188645
#1188733 #1189332 #1189333 #1189334 #1189335
#1189338 PED-1393

Cross-references:

CVE-2017-1000128 CVE-2019-13108 CVE-2019-13111
CVE-2020-19716 CVE-2021-29457 CVE-2021-29463
CVE-2021-29470 CVE-2021-29623 CVE-2021-31291
CVE-2021-32617 CVE-2021-34334 CVE-2021-37620
CVE-2021-37621 CVE-2021-37622 CVE-2021-37623

CVSS scores:

CVE-2017-1000128 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-1000128 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2019-13108 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-13108 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity
important

Announcement ID: SUSE-SU-2022:3889-1
Rating: important
