Red Hat Security Advisory: exiv2 security, bug fix, and enhancement update
🔗 CVE IDs covered (12)
📋 Description
CVE-2021-3482 — exiv2: Heap-based buffer overflow in Jp2Image::readMetadata() CVE-2021-29457 — exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata CVE-2021-29458 — exiv2: Out-of-bounds read in Exiv2::Internal::CrwMap::encode CVE-2021-29463 — exiv2: Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata CVE-2021-29464 — exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::encodeJp2Header CVE-2021-29470 — exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header CVE-2021-29473 — exiv2: Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata CVE-2021-29623 — exiv2: Use of uninitialized memory in isWebPType() may lead to information leak CVE-2021-31292 — exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS CVE-2021-32617 — exiv2: DoS due to quadratic complexity in ProcessUTF8Portion CVE-2021-37618 — exiv2: Out-of-bounds read in Exiv2::Jp2Image::printStructure CVE-2021-37619 — exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
🔗 References (17)
- selfhttps://access.redhat.com/errata/RHSA-2021:4173
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1946314
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1952607
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1952612
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1953708
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1954065
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1961650
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1961691
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1978100
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1978105
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1989860
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1990330
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1992165
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1992174
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4173.json