1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202407-27 ] ExifTool: Multiple vulnerabilities

    From glsamaker@gentoo.org@21:1/5 to All on Wed Jul 24 08:20:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202407-27
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
    Title: ExifTool: Multiple vulnerabilities
    Date: July 24, 2024
    Bugs: #785667, #791397, #803317, #832033
    ID: 202407-27

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in ExifTool, the worst of
    which could lead to arbitrary code execution.

    Background
    ==========

    ExifTool is a platform-independent Perl library plus a command-line
    application for reading, writing and editing meta information in a wide
    variety of files.

    Affected packages
    =================

    Package Vulnerable Unaffected
    ------------------- ------------ ------------
    media-libs/exiftool < 12.42 >= 12.42

    Description
    ===========

    Multiple vulnerabilities have been discovered in ExifTool. Please review
    the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All ExifTool users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/exiftool-12.42"

    References
    ==========

    [ 1 ] CVE-2021-22204
    https://nvd.nist.gov/vuln/detail/CVE-2021-22204
    [ 2 ] CVE-2022-23935
    https://nvd.nist.gov/vuln/detail/CVE-2022-23935

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202407-27

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmagmmMACgkQFMQkOaVy +9nlwQ//R2YJKMkS+lGYV9BKAhJGyNYE6Z9AySaIhIhi4uDFv3/ap8QfJM2pI3kO miBeM9vknvRoMPfgZd9ltPXnv+wGxNj92Q3KlGuX5Nq6f1q1BkxmgLgcVYf+cyMU Unx9xr4284C2lSBx7s1glFfeEmjCmvwjxgG8Uu3urJwCqySEN0hcLaAkGa8m3C5p lv95JzstYr8Y9lpSNwG+pEAfurYUhNrO5T0UvzRAeFmxBnIZmW/AtAaJxZl5+UhR D6hRaS+is0zCFK9+Oap2X61f0Qa3jEum0/vRyS4MgyQch+jwZHvXPzLkMkcdUHxY ubgIMaMoqKIbp3/qP55ioNr9B+6leGajFoBNYeAqzP9L37BwJp3BTVNl0DvOZm5D /P0g63FJR0PU6Ht9MGwSoaQj7GnFRynjYvoNq35j7ffYZJ+JfFvqoZ9UCCBII89W 6ZhuYHhXe3JLiKS3G1nC1+E6ov8DfUFvOOfBKOioiNS449vFvcs4KTwVXzWExQGe FyYu9eIUO5v/xzPEMSTM8wBMNuLervTqjlp5G3Ve7Q09pIsZASnSIXAp4kzi47qk vDXNqGj4CCjdt8QUJ9ZNMOWxgg5jlLlzvMWP7pBtSOBcF0earaBEkBLAfATJLG1E Rf+qW5eds4HmBDjIvay5BddVmOezK2klK1fblRkdWZKwC/ptbig=
    =5sSL
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)