An update for exiv2 is now available for openEuler-24.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1841
Final
1.0
1.0
2024-07-12
Initial
2024-07-12
2024-07-12
openEuler SA Tool V1.0
2024-07-12
exiv2 security update
An update for exiv2 is now available for openEuler-24.03-LTS
Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats.
Security Fix(es):
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.(CVE-2024-39695)
An update for exiv2 is now available for openEuler-24.03-LTS.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
exiv2
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1841
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39695
https://nvd.nist.gov/vuln/detail/CVE-2024-39695
openEuler-24.03-LTS
exiv2-0.28.2-2.oe2403.aarch64.rpm
exiv2-debuginfo-0.28.2-2.oe2403.aarch64.rpm
exiv2-debugsource-0.28.2-2.oe2403.aarch64.rpm
exiv2-devel-0.28.2-2.oe2403.aarch64.rpm
exiv2-0.28.2-2.oe2403.src.rpm
exiv2-0.28.2-2.oe2403.x86_64.rpm
exiv2-debuginfo-0.28.2-2.oe2403.x86_64.rpm
exiv2-debugsource-0.28.2-2.oe2403.x86_64.rpm
exiv2-devel-0.28.2-2.oe2403.x86_64.rpm
exiv2-help-0.28.2-2.oe2403.noarch.rpm
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
2024-07-12
CVE-2024-39695
openEuler-24.03-LTS
Medium
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
exiv2 security update
2024-07-12
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1841