{"id":"MGASA-2021-0240","summary":"Updated exiv2 packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nHeap-based buffer overflow in Jp2Image::readMetadata(). (CVE-2021-3482)\n\nHeap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata.\n(CVE-2021-29457)\n\nOut-of-bounds read in Exiv2::Internal::CrwMap::encode. (CVE-2021-29458)\n\nExiv2 incorrectly handled certain files.  An attacker could possibly use\nthis issue to cause a denial of service. (CVE-2021-29463)\n\nExiv2 incorrectly handled certain files.  An attacker could possibly use\nthis issue to execute arbitrary code. (CVE-2021-29464)\n\nOut-of-bounds read in Exiv2::Jp2Image::encodeJp2Header. (CVE-2021-29470)\n\nOut-of-bounds read in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29473)\n\nRead of uninitialized memory may lead to information leak. (CVE-2021-29623)\n\nDoS due to quadratic complexity in ProcessUTF8Portion. (CVE-2021-32617)\n","modified":"2026-04-16T00:09:56.479583101Z","published":"2021-06-08T16:46:03Z","upstream":["CVE-2021-29457","CVE-2021-29458","CVE-2021-29463","CVE-2021-29464","CVE-2021-29470","CVE-2021-29473","CVE-2021-29623","CVE-2021-32617","CVE-2021-3482"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0240.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29008"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4941-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4964-1"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/"}],"affected":[{"package":{"name":"exiv2","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/exiv2?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.27.1-3.5.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0240.json"}},{"package":{"name":"exiv2","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/exiv2?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.27.3-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0240.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}