Update to exiv2-0.28.8.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-592e4238fa
2026-04-12 15:52:51.750287+00:00
--------------------------------------------------------------------------------
Name        : mingw-exiv2
Product     : Fedora 42
Version     : 0.28.8
Release     : 1.fc42
URL         : https://exiv2.org/
Summary     : MinGW Windows exiv2 library
Description :
MinGW Windows exiv2 library.
--------------------------------------------------------------------------------
Update Information:

Update to exiv2-0.28.8.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar  7 2026 Sandro Mani - 0.28.8-1
- Update to 0.28.8
* Fri Jan 16 2026 Fedora Release Engineering - 0.28.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2453392 - CVE-2026-25884 mingw-exiv2: Exiv2: Denial of service via out-of-bounds read in CRW image parser [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453392
  [ 2 ] Bug #2453394 - CVE-2026-27596 mingw-exiv2: Exiv2: Denial of Service via out-of-bounds read in preview component [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453394
  [ 3 ] Bug #2453396 - CVE-2026-27631 mingw-exiv2: Exiv2: Denial of Service via integer overflow in preview component [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453396
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-592e4238fa' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
An update that solves nine vulnerabilities can now be installed.

# Security update for exiv2

Announcement ID: SUSE-SU-2026:20923-1
Release Date: 2026-03-23T09:44:37Z
Rating: important

References:

* bsc#1219870
* bsc#1219871
* bsc#1227528
* bsc#1237347
* bsc#1248962
* bsc#1248963
* bsc#1259083
* bsc#1259084
* bsc#1259085

Cross-References:

* CVE-2024-24826
* CVE-2024-25112
* CVE-2024-39695
* CVE-2025-26623
* CVE-2025-54080
* CVE-2025-55304
* CVE-2026-25884
* CVE-2026-27596
* CVE-2026-27631

CVSS scores:

* CVE-2024-24826 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-24826 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-24826 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-25112 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25112 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-25112 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-39695 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2024-39695 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-26623 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-26623 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-26623 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-54080 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-54080 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-55304 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-55304 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-55304 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25884 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25884 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-25884 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-27596 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27596 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27596 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27596 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27631 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27631 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27631 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for exiv2 fixes the following issues:

Update to exiv2 0.28.8:

* CVE-2024-24826: out-of-bounds read in QuickTimeVideo::NikonTagsDecoder (bsc#1219870).
* CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder (bsc#1219871).
* CVE-2024-39695: out-of-bounds read in AsfVideo::streamProperties (bsc#1227528).
* CVE-2025-26623: heap buffer overflow via writing metadata into a crafted image file (bsc#1237347).
* CVE-2025-54080: out-of-bounds read in `Exiv2::EpsImage::writeMetadata()` when writing metadata into a crafted image file (bsc#1248962).
* CVE-2025-55304: quadratic performance algorithm in the ICC profile parsing code of `JpegBase::readMetadata` (bsc#1248963).
* CVE-2026-25884: out-of-bounds read in `CrwMap::decode0x0805` (bsc#1259083).
* CVE-2026-27596: integer overflow in `LoaderNative::getData()` leads to out-of-bounds read (bsc#1259084).
* CVE-2026-27631: crash due to uncaught exception when trying to create `std::vector` larger than `max_size()` (bsc#1259085).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-424=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * exiv2-debugsource-0.28.8-160000.1.1
  * libexiv2-28-0.28.8-160000.1.1
  * libexiv2-28-debuginfo-0.28.8-160000.1.1
  * exiv2-debuginfo-0.28.8-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (x86_64)
  * libexiv2-28-x86-64-v3-0.28.8-160000.1.1
  * libexiv2-28-x86-64-v3-debuginfo-0.28.8-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-24826.html
* https://www.suse.com/security/cve/CVE-2024-25112.html
* https://www.suse.com/security/cve/CVE-2024-39695.html
* https://www.suse.com/security/cve/CVE-2025-26623.html
* https://www.suse.com/security/cve/CVE-2025-54080.html
* https://www.suse.com/security/cve/CVE-2025-55304.html
* https://www.suse.com/security/cve/CVE-2026-25884.html
* https://www.suse.com/security/cve/CVE-2026-27596.html
* https://www.suse.com/security/cve/CVE-2026-27631.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219870
* https://bugzilla.suse.com/show_bug.cgi?id=1219871
* https://bugzilla.suse.com/show_bug.cgi?id=1227528
* https://bugzilla.suse.com/show_bug.cgi?id=1237347
* https://bugzilla.suse.com/show_bug.cgi?id=1248962
* https://bugzilla.suse.com/show_bug.cgi?id=1248963
* https://bugzilla.suse.com/show_bug.cgi?id=1259083
* https://bugzilla.suse.com/show_bug.cgi?id=1259084
* https://bugzilla.suse.com/show_bug.cgi?id=1259085

SUSE exiv2 important update addresses nine vulnerabilities with critical fixes to ensure system security.

Severity: Important. LinuxSecurity.com Team
An update that solves 9 vulnerabilities and has 9 bug fixes can now be installed.

openSUSE security update: security update for exiv2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20410-1
Rating: important

References:

* bsc#1219870
* bsc#1219871
* bsc#1227528
* bsc#1237347
* bsc#1248962
* bsc#1248963
* bsc#1259083
* bsc#1259084
* bsc#1259085

Cross-References:

* CVE-2024-24826
* CVE-2024-25112
* CVE-2024-39695
* CVE-2025-26623
* CVE-2025-54080
* CVE-2025-55304
* CVE-2026-25884
* CVE-2026-27596
* CVE-2026-27631

CVSS scores:

* CVE-2024-24826 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-25112 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39695 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2025-26623 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-26623 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-54080 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55304 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-55304 ( SUSE ): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25884 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-25884 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27596 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27596 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27631 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0
-------------------------------------------------------------

An update that solves 9 vulnerabilities and has 9 bug fixes can now be installed.

Description:

This update for exiv2 fixes the following issues:

Update to exiv2 0.28.8:

- CVE-2024-24826: out-of-bounds read in QuickTimeVideo::NikonTagsDecoder (bsc#1219870).
- CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder (bsc#1219871).
- CVE-2024-39695: out-of-bounds read in AsfVideo::streamProperties (bsc#1227528).
- CVE-2025-26623: heap buffer overflow via writing metadata into a crafted image file (bsc#1237347).
- CVE-2025-54080: out-of-bounds read in `Exiv2::EpsImage::writeMetadata()` when writing metadata into a crafted image file (bsc#1248962).
- CVE-2025-55304: quadratic performance algorithm in the ICC profile parsing code of `JpegBase::readMetadata` (bsc#1248963).
- CVE-2026-25884: out-of-bounds read in `CrwMap::decode0x0805` (bsc#1259083).
- CVE-2026-27596: integer overflow in `LoaderNative::getData()` leads to out-of-bounds read (bsc#1259084).
- CVE-2026-27631: crash due to uncaught exception when trying to create `std::vector` larger than `max_size()` (bsc#1259085).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0
  zypper in -t patch openSUSE-Leap-16.0-424=1

Package List:

- openSUSE Leap 16.0:
  exiv2-0.28.8-160000.1.1
  exiv2-lang-0.28.8-160000.1.1
  libexiv2-28-0.28.8-160000.1.1
  libexiv2-28-x86-64-v3-0.28.8-160000.1.1
  libexiv2-devel-0.28.8-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2024-24826.html
* https://www.suse.com/security/cve/CVE-2024-25112.html
* https://www.suse.com/security/cve/CVE-2024-39695.html
* https://www.suse.com/security/cve/CVE-2025-26623.html
* https://www.suse.com/security/cve/CVE-2025-54080.html
* https://www.suse.com/security/cve/CVE-2025-55304.html
* https://www.suse.com/security/cve/CVE-2026-25884.html
* https://www.suse.com/security/cve/CVE-2026-27596.html
* https://www.suse.com/security/cve/CVE-2026-27631.html

A critical update for openSUSE exiv2 addresses 9 important issues, ensuring enhanced system security.

Severity: Important. LinuxSecurity.com Team
USN-8103-1 introduced a regression in Exiv2.

==========================================================================
Ubuntu Security Notice USN-8103-2
March 19, 2026

exiv2 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

USN-8103-1 introduced a regression in Exiv2

Software Description:
- exiv2: EXIF/IPTC/XMP metadata manipulation tool

Details:

USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression
for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that Exiv2 did not correctly handle reading certain
 buffers. An attacker could possibly use this issue to leak sensitive
 information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
 (CVE-2020-18771)

 Wen Cheng discovered that Exiv2 did not correctly handle certain memory
 allocation. If a user or system were tricked into opening a specially
 crafted file, an attacker could possibly use this issue to cause a denial
 of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
 (CVE-2020-18899)

 It was discovered that Exiv2 did not correctly handle writing certain
 metadata. If a user or system were tricked into opening a specially crafted
 file, an attacker could possibly use this issue to cause a denial of
 service. (CVE-2025-54080)

 It was discovered that Exiv2 did not correctly handle parsing certain
 metadata. If a user or system were tricked into opening a specially crafted
 file, an attacker could possibly use this issue to cause a denial of
 service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
 Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-55304)

 It was discovered that Exiv2 did not correctly handle parsing certain
 images. If a user or system were tricked into opening a specially crafted
 file, an attacker could possibly use this issue to cause a denial of
 service. (CVE-2026-25884)

 It was discovered that Exiv2 did not correctly handle previewing certain
 images. An attacker could possibly use this issue to cause a denial of
 service. (CVE-2026-27596)

 It was discovered that Exiv2 did not correctly handle certain integer
 arithmetic. An attacker could possibly use this issue to cause a denial of
 service. (CVE-2026-27631)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  exiv2                           0.28.5+dfsg-1ubuntu0.3
  libexiv2-28                     0.28.5+dfsg-1ubuntu0.3
  libexiv2-dev                    0.28.5+dfsg-1ubuntu0.3

Ubuntu 24.04 LTS
  exiv2                           0.27.6-1ubuntu0.3
  libexiv2-27                     0.27.6-1ubuntu0.3
  libexiv2-dev                    0.27.6-1ubuntu0.3

Ubuntu 22.04 LTS
  exiv2                           0.27.5-3ubuntu1.3
  libexiv2-27                     0.27.5-3ubuntu1.3
  libexiv2-dev                    0.27.5-3ubuntu1.3

Ubuntu 20.04 LTS
  exiv2                           0.27.2-8ubuntu2.7+esm3
                                  Available with Ubuntu Pro
  libexiv2-27                     0.27.2-8ubuntu2.7+esm3
                                  Available with Ubuntu Pro
  libexiv2-dev                    0.27.2-8ubuntu2.7+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8103-2
  https://ubuntu.com/security/notices/USN-8103-1
  CVE-2025-55304, https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/2144731

Package Information:
  https://launchpad.net/ubuntu/+source/exiv2/0.28.5+dfsg-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/exiv2/0.27.6-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/exiv2/0.27.5-3ubuntu1.3

Exiv2 suffers from regressions affecting multiple Ubuntu versions requiring urgent fixes for denial of service.

Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in Exiv2.

==========================================================================
Ubuntu Security Notice USN-8103-1
March 18, 2026

exiv2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Exiv2.

Software Description:
- exiv2: EXIF/IPTC/XMP metadata manipulation tool

Details:

It was discovered that Exiv2 did not correctly handle reading certain
buffers. An attacker could possibly use this issue to leak sensitive
information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2020-18771)

Wen Cheng discovered that Exiv2 did not correctly handle certain memory
allocation. If a user or system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2020-18899)

It was discovered that Exiv2 did not correctly handle writing certain
metadata. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2025-54080)

It was discovered that Exiv2 did not correctly handle parsing certain
metadata. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-55304)

It was discovered that Exiv2 did not correctly handle parsing certain
images. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2026-25884)

It was discovered that Exiv2 did not correctly handle previewing certain
images. An attacker could possibly use this issue to cause a denial of
service. (CVE-2026-27596)

It was discovered that Exiv2 did not correctly handle certain integer
arithmetic. An attacker could possibly use this issue to cause a denial of
service. (CVE-2026-27631)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  exiv2                           0.28.5+dfsg-1ubuntu0.1

Ubuntu 24.04 LTS
  exiv2                           0.27.6-1ubuntu0.1

Ubuntu 22.04 LTS
  exiv2                           0.27.5-3ubuntu1.1

Ubuntu 20.04 LTS
  exiv2                           0.27.2-8ubuntu2.7+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  exiv2                           0.25-3.1ubuntu0.18.04.11+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  exiv2                           0.25-2.1ubuntu16.04.7+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8103-1
  CVE-2020-18771, CVE-2020-18899, CVE-2025-54080, CVE-2025-55304,
  CVE-2026-25884, CVE-2026-27596, CVE-2026-27631

Package Information:
  https://launchpad.net/ubuntu/+source/exiv2/0.28.5+dfsg-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/exiv2/0.27.6-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/exiv2/0.27.5-3ubuntu1.1

Fixes address multiple critical issues in Exiv2 on several Ubuntu releases to prevent denial of service.

Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.

# Security update for exiv2-0_26

Announcement ID: SUSE-SU-2026:0231-1
Release Date: 2026-01-22T12:23:05Z
Rating: low

References:

* bsc#1248963

Cross-References:

* CVE-2025-55304

CVSS scores:

* CVE-2025-55304 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-55304 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-55304 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for exiv2-0_26 fixes the following issues:

Add reference for previously fixed issue:

* CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing code of `JpegBase::readMetadata` (bsc#1248963).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-231=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-231=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-231=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-231=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-231=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-231=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * exiv2-0_26-debugsource-0.26-150400.9.27.1
  * libexiv2-26-0.26-150400.9.27.1
  * libexiv2-26-debuginfo-0.26-150400.9.27.1
* openSUSE Leap 15.4 (x86_64)
  * libexiv2-26-32bit-0.26-150400.9.27.1
  * libexiv2-26-32bit-debuginfo-0.26-150400.9.27.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libexiv2-26-64bit-debuginfo-0.26-150400.9.27.1
  * libexiv2-26-64bit-0.26-150400.9.27.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * exiv2-0_26-debugsource-0.26-150400.9.27.1
  * libexiv2-26-0.26-150400.9.27.1
  * libexiv2-26-debuginfo-0.26-150400.9.27.1
* openSUSE Leap 15.6 (x86_64)
  * libexiv2-26-32bit-0.26-150400.9.27.1
  * libexiv2-26-32bit-debuginfo-0.26-150400.9.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libexiv2-26-0.26-150400.9.27.1
  * libexiv2-26-debuginfo-0.26-150400.9.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libexiv2-26-0.26-150400.9.27.1
  * libexiv2-26-debuginfo-0.26-150400.9.27.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libexiv2-26-0.26-150400.9.27.1
  * libexiv2-26-debuginfo-0.26-150400.9.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libexiv2-26-0.26-150400.9.27.1
  * libexiv2-26-debuginfo-0.26-150400.9.27.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55304.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248963

A low-severity security fix for exiv2-0_26 in SUSE addressing a performance issue due to CVE-2025-55304.

Severity: Low. LinuxSecurity.com Team
Update to exiv2-0.28.7, fixes CVE-2025-54080 and CVE-2025-55304.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e5ab9a2288
2025-10-22 01:31:30.739329+00:00
--------------------------------------------------------------------------------
Name        : inih
Product     : Fedora 41
Version     : 62
Release     : 1.fc41
URL         : https://github.com/benhoyt/inih
Summary     : Simple INI file parser library
Description :
The inih package provides simple INI file parser which is only a couple of
pages of code, and it was designed to be small and simple, so it's good for
embedded systems.
--------------------------------------------------------------------------------
Update Information:

Update to exiv2-0.28.7, fixes CVE-2025-54080 and CVE-2025-55304.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 14 2025 Sandro Mani - 62-1
- Update to 62
* Sun Jul 27 2025 Sandro Mani - 61-1
- Update to 61
* Thu Jul 24 2025 Fedora Release Engineering - 60-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Apr 15 2025 Sandro Mani - 60-1
- Update to 60
* Fri Apr  4 2025 Sandro Mani - 59-1
- Update to 59
* Sat Mar 22 2025 Sandro Mani - 58-4
- Add mingw packages
* Fri Jan 17 2025 Fedora Release Engineering - 58-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2391816 - CVE-2025-54080 mingw-exiv2: Exiv2 Segmentation Faults [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391816
  [ 2 ] Bug #2391837 - CVE-2025-55304 mingw-exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391837
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e5ab9a2288' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list