An update for exiv2 is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1841 Final 1.0 1.0 2024-07-12 Initial 2024-07-12 2024-07-12 openEuler SA Tool V1.0 2024-07-12 exiv2 security update An update for exiv2 is now available for openEuler-24.03-LTS Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fix(es): Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.(CVE-2024-39695) An update for exiv2 is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium exiv2 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1841 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39695 https://nvd.nist.gov/vuln/detail/CVE-2024-39695 openEuler-24.03-LTS exiv2-0.28.2-2.oe2403.aarch64.rpm exiv2-debuginfo-0.28.2-2.oe2403.aarch64.rpm exiv2-debugsource-0.28.2-2.oe2403.aarch64.rpm exiv2-devel-0.28.2-2.oe2403.aarch64.rpm exiv2-0.28.2-2.oe2403.src.rpm exiv2-0.28.2-2.oe2403.x86_64.rpm exiv2-debuginfo-0.28.2-2.oe2403.x86_64.rpm exiv2-debugsource-0.28.2-2.oe2403.x86_64.rpm exiv2-devel-0.28.2-2.oe2403.x86_64.rpm exiv2-help-0.28.2-2.oe2403.noarch.rpm Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3. 2024-07-12 CVE-2024-39695 openEuler-24.03-LTS Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L exiv2 security update 2024-07-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1841