>>> Magnum BBS <<<
  • [gentoo-announce] [ GLSA 202312-06 ] Exiv2: Multiple Vulnerabilities

    From glsamaker@gentoo.org@21:1/5 to All on Fri Dec 22 10:30:01 2023
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202312-06
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: Exiv2: Multiple Vulnerabilities
    Date: December 22, 2023
    Bugs: #785646, #807346, #917650
    ID: 202312-06

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in Exiv2, the worst of
    which can lead to remote code execution.

    Background
    ==========

    Exiv2 is a C++ library and set of tools for parsing, editing and saving
    Exif and IPTC metadata from images. Exif, the Exchangeable image file
    format, specifies the addition of metadata tags to JPEG, TIFF and RIFF
    files.

    Affected packages
    =================

    Package          Vulnerable    Unaffected
    ---------------  ------------  ------------
    media-gfx/exiv2  < 0.28.1      >= 0.28.1

    Description
    ===========

    Multiple vulnerabilities have been discovered in Exiv2. Please review
    the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All Exiv2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.1"

    References
    ==========

    [ 1 ] CVE-2020-18771
    https://nvd.nist.gov/vuln/detail/CVE-2020-18771
    [ 2 ] CVE-2020-18773
    https://nvd.nist.gov/vuln/detail/CVE-2020-18773
    [ 3 ] CVE-2020-18774
    https://nvd.nist.gov/vuln/detail/CVE-2020-18774
    [ 4 ] CVE-2020-18899
    https://nvd.nist.gov/vuln/detail/CVE-2020-18899
    [ 5 ] CVE-2021-29457
    https://nvd.nist.gov/vuln/detail/CVE-2021-29457
    [ 6 ] CVE-2021-29458
    https://nvd.nist.gov/vuln/detail/CVE-2021-29458
    [ 7 ] CVE-2021-29463
    https://nvd.nist.gov/vuln/detail/CVE-2021-29463
    [ 8 ] CVE-2021-29464
    https://nvd.nist.gov/vuln/detail/CVE-2021-29464
    [ 9 ] CVE-2021-29470
    https://nvd.nist.gov/vuln/detail/CVE-2021-29470
    [ 10 ] CVE-2021-29473
    https://nvd.nist.gov/vuln/detail/CVE-2021-29473
    [ 11 ] CVE-2021-29623
    https://nvd.nist.gov/vuln/detail/CVE-2021-29623
    [ 12 ] CVE-2021-31291
    https://nvd.nist.gov/vuln/detail/CVE-2021-31291
    [ 13 ] CVE-2021-31292
    https://nvd.nist.gov/vuln/detail/CVE-2021-31292
    [ 14 ] CVE-2021-32617
    https://nvd.nist.gov/vuln/detail/CVE-2021-32617
    [ 15 ] CVE-2021-32815
    https://nvd.nist.gov/vuln/detail/CVE-2021-32815
    [ 16 ] CVE-2021-34334
    https://nvd.nist.gov/vuln/detail/CVE-2021-34334
    [ 17 ] CVE-2021-34335
    https://nvd.nist.gov/vuln/detail/CVE-2021-34335
    [ 18 ] CVE-2021-37615
    https://nvd.nist.gov/vuln/detail/CVE-2021-37615
    [ 19 ] CVE-2021-37616
    https://nvd.nist.gov/vuln/detail/CVE-2021-37616
    [ 20 ] CVE-2021-37618
    https://nvd.nist.gov/vuln/detail/CVE-2021-37618
    [ 21 ] CVE-2021-37619
    https://nvd.nist.gov/vuln/detail/CVE-2021-37619
    [ 22 ] CVE-2021-37620
    https://nvd.nist.gov/vuln/detail/CVE-2021-37620
    [ 23 ] CVE-2021-37621
    https://nvd.nist.gov/vuln/detail/CVE-2021-37621
    [ 24 ] CVE-2021-37622
    https://nvd.nist.gov/vuln/detail/CVE-2021-37622
    [ 25 ] CVE-2021-37623
    https://nvd.nist.gov/vuln/detail/CVE-2021-37623
    [ 26 ] CVE-2023-44398
    https://nvd.nist.gov/vuln/detail/CVE-2023-44398

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202312-06

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    https://bugs.gentoo.org.

    License
    =======

    Copyright 2023 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
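
Added example, not part of the advisory or of any Gentoo tooling: a POSIX shell check that applies the advisory's affected range (media-gfx/exiv2 < 0.28.1) to a version inventory. The function names, hostnames and sample versions are constructed for illustration, and only dotted numeric versions with an optional -rN revision are assumed.

```shell
#!/bin/sh
# Flag exiv2 versions inside the GLSA 202312-06 vulnerable range (< 0.28.1).
# Assumption: versions are dotted numerics with an optional Gentoo "-rN"
# revision; anything else (e.g. _rc1 suffixes) is reported as "unknown".

FIXED="0.28.1"   # first unaffected version, from the advisory's table

# ver_lt A B: succeed if dotted-numeric version A sorts strictly before B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}          # leading component of each version
        case $a in *.*) a=${a#*.} ;; *) a="" ;; esac
        case $b in *.*) b=${b#*.} ;; *) b="" ;; esac
        x=${x:-0}; y=${y:-0}            # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                            # equal versions are not "less than"
}

# classify VERSION: print "vulnerable", "unaffected" or "unknown".
classify() {
    v=${1%-r[0-9]*}                     # drop the Gentoo revision (-r1, -r2, ...)
    case $v in
        ""|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if ver_lt "$v" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# report: read "host version" lines on stdin, print the ones needing attention.
report() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        state=$(classify "$ver")
        [ "$state" = unaffected ] || echo "$host $ver $state"
    done
}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE="build01 0.27.5-r1
web02 0.28.1
img03 0.28.0
dev04 0.28.1_rc1
ci05 0.28.3-r2"

sample_report() { printf '%s\n' "$SAMPLE" | report; }
sample_report
```

On a Gentoo host itself, `glsa-check -t 202312-06` (from app-portage/gentoolkit) tests the installed packages against this advisory directly.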