  • [gentoo-announce] [ GLSA 202312-06 ] Exiv2: Multiple Vulnerabilities

    From glsamaker@gentoo.org@21:1/5 to All on Fri Dec 22 10:30:01 2023
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202312-06
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: Exiv2: Multiple Vulnerabilities
    Date: December 22, 2023
    Bugs: #785646, #807346, #917650
    ID: 202312-06

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in Exiv2, the worst of
    which can lead to remote code execution.

    Background
    ==========

    Exiv2 is a C++ library and set of tools for parsing, editing and saving
    Exif and IPTC metadata from images. Exif, the Exchangeable image file
    format, specifies the addition of metadata tags to JPEG, TIFF and RIFF
    files.

    Affected packages
    =================

    Package          Vulnerable    Unaffected
    ---------------  ------------  ------------
    media-gfx/exiv2  < 0.28.1      >= 0.28.1

    Description
    ===========

    Multiple vulnerabilities have been discovered in Exiv2. Please review
    the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All Exiv2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.1"

    References
    ==========

    [ 1 ] CVE-2020-18771
    https://nvd.nist.gov/vuln/detail/CVE-2020-18771
    [ 2 ] CVE-2020-18773
    https://nvd.nist.gov/vuln/detail/CVE-2020-18773
    [ 3 ] CVE-2020-18774
    https://nvd.nist.gov/vuln/detail/CVE-2020-18774
    [ 4 ] CVE-2020-18899
    https://nvd.nist.gov/vuln/detail/CVE-2020-18899
    [ 5 ] CVE-2021-29457
    https://nvd.nist.gov/vuln/detail/CVE-2021-29457
    [ 6 ] CVE-2021-29458
    https://nvd.nist.gov/vuln/detail/CVE-2021-29458
    [ 7 ] CVE-2021-29463
    https://nvd.nist.gov/vuln/detail/CVE-2021-29463
    [ 8 ] CVE-2021-29464
    https://nvd.nist.gov/vuln/detail/CVE-2021-29464
    [ 9 ] CVE-2021-29470
    https://nvd.nist.gov/vuln/detail/CVE-2021-29470
    [ 10 ] CVE-2021-29473
    https://nvd.nist.gov/vuln/detail/CVE-2021-29473
    [ 11 ] CVE-2021-29623
    https://nvd.nist.gov/vuln/detail/CVE-2021-29623
    [ 12 ] CVE-2021-31291
    https://nvd.nist.gov/vuln/detail/CVE-2021-31291
    [ 13 ] CVE-2021-31292
    https://nvd.nist.gov/vuln/detail/CVE-2021-31292
    [ 14 ] CVE-2021-32617
    https://nvd.nist.gov/vuln/detail/CVE-2021-32617
    [ 15 ] CVE-2021-32815
    https://nvd.nist.gov/vuln/detail/CVE-2021-32815
    [ 16 ] CVE-2021-34334
    https://nvd.nist.gov/vuln/detail/CVE-2021-34334
    [ 17 ] CVE-2021-34335
    https://nvd.nist.gov/vuln/detail/CVE-2021-34335
    [ 18 ] CVE-2021-37615
    https://nvd.nist.gov/vuln/detail/CVE-2021-37615
    [ 19 ] CVE-2021-37616
    https://nvd.nist.gov/vuln/detail/CVE-2021-37616
    [ 20 ] CVE-2021-37618
    https://nvd.nist.gov/vuln/detail/CVE-2021-37618
    [ 21 ] CVE-2021-37619
    https://nvd.nist.gov/vuln/detail/CVE-2021-37619
    [ 22 ] CVE-2021-37620
    https://nvd.nist.gov/vuln/detail/CVE-2021-37620
    [ 23 ] CVE-2021-37621
    https://nvd.nist.gov/vuln/detail/CVE-2021-37621
    [ 24 ] CVE-2021-37622
    https://nvd.nist.gov/vuln/detail/CVE-2021-37622
    [ 25 ] CVE-2021-37623
    https://nvd.nist.gov/vuln/detail/CVE-2021-37623
    [ 26 ] CVE-2023-44398
    https://nvd.nist.gov/vuln/detail/CVE-2023-44398

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202312-06

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    https://bugs.gentoo.org.

    License
    =======

    Copyright 2023 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
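
Added example, not part of the advisory or of Gentoo's tooling: a shell check that applies the advisory's affected range (media-gfx/exiv2 < 0.28.1) to a list of installed versions, so the hosts that still need the upgrade can be picked out. The host names, the "host version" inventory format and the function names are assumptions made for illustration; versions are assumed to be plain dotted numbers with an optional Gentoo -rN revision, and `sort -V` (GNU coreutils or BusyBox) is assumed to be available.

```shell
#!/bin/sh
# Added example: flag exiv2 versions inside the advisory's vulnerable range.
FIXED="0.28.1"   # first unaffected version, from the "Affected packages" table

# Return 0 when version $1 is below FIXED, 1 otherwise.
exiv2_is_vulnerable() {
    ver=${1%-r[0-9]*}                  # drop a Gentoo revision suffix such as -r1
    [ "$ver" = "$FIXED" ] && return 1  # exactly the fixed release
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$ver" ]             # vulnerable if it sorts before FIXED
}

# Read "host version" pairs on stdin; print hosts that still need the upgrade.
vulnerable_hosts() {
    while read -r host ver; do
        [ -n "$host" ] || continue     # skip blank lines
        if exiv2_is_vulnerable "$ver"; then
            printf '%s\n' "$host"
        fi
    done
}

# Constructed inventory (hypothetical hosts and versions, not real data).
sample_inventory() {
    cat <<'EOF'
build01 0.27.5-r1
web02 0.28.1
media03 0.28.0
dev04 0.28.1-r1
EOF
}

sample_inventory | vulnerable_hosts
```

A revision bump of the fixed release (0.28.1-r1) is treated as unaffected, matching the ">= 0.28.1" column of the advisory.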