{"id":"MGASA-2017-0391","summary":"Updated exiv2 packages fix security vulnerabilities & bugs","details":"Opening an image created on certain pentax cameras with gwenview, which\nuses the exiv2 library, causes gwenview to segfault. Exiv2 upstream\ncreated a patch to resolve this problem (bugfix - applies only to mga6).\n\nThe following security issues were also fixed:\n*Heap overflow in Exiv2::Image::printIFDStructure (CVE-2017-11336)\n*Invalid free in the Action::TaskFactory::cleanup function\n(CVE-2017-11337)\n*Infinite loop in the Exiv2::Image::printIFDStructure function of\nimage.cpp (CVE-2017-11338)\n*Heap-based buffer overflow in the Image::printIFDStructure function of\nimage.cpp (CVE-2017-11339)\n*Segmentation fault in the XmpParser::terminate() function\n(CVE-2017-11340)\n*Illegal address access in the extend_alias_table function in\nlocalealias.c (CVE-2017-11553)\n*Floating point exception in the Exiv2::ValueType function\n(CVE-2017-11591)\n*Alloc-dealloc-mismatch in Exiv2::FileIo::seek (CVE-2017-11592)\n*Reachable assertion in the Internal::TiffReader::visitDirectory\nfunction in tiffvisitor.cpp (CVE-2017-11683)\n*Heap-based buffer overflow in basicio.cpp (CVE-2017-12955)\n*Illegal address access in Exiv2::FileIo::path[abi:cxx11]() in\nbasicio.cpp (CVE-2017-12956)\n*Heap-based buffer over-read in the Exiv2::Image::io function in\nimage.cpp (CVE-2017-12957)\n*Bad free in Exiv2::Image::~Image (CVE-2017-14857)\n*Invalid memory address dereference in Exiv2::DataValue::read\n(CVE-2017-14859)\n*Heap-buffer-overflow in Exiv2::Jp2Image::readMetadata (CVE-2017-14860)\n*Invalid memory address dereference in Exiv2::StringValueBase::read\n(CVE-2017-14862)\n*Invalid memory address dereference in Exiv2::getULong (CVE-2017-14864)\n","modified":"2026-02-02T01:08:56.623304Z","published":"2017-10-30T19:23:17Z","related":["CVE-2017-11336","CVE-2017-11337","CVE-2017-11338","CVE-2017-11339","CVE-2017-11340","CVE-2017-11553","CVE-2017-11591","CVE-2017-11592","CVE-2017-11683","CVE-2017-12955","CVE-2017-12956","CVE-2017-12957","CVE-2017-14857","CVE-2017-14859","CVE-2017-14860","CVE-2017-14862","CVE-2017-14864"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0391.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21158"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21922"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2017/06/30/1"}],"affected":[{"package":{"name":"exiv2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/exiv2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.24-5.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0391.json"}},{"package":{"name":"exiv2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/exiv2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.26-2.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0391.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}