Synopsis: Low: exiv2 security, bug fix, and enhancement update Advisory ID: SLSA-2019:2101-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-12264 CVE-2018-17282 CVE-2018-20098 CVE-2018-20096 CVE-2018-19108 CVE-2018-17581 CVE-2018-19535 CVE-2018-14046 CVE-2018-11037 CVE-2018-9305 CVE-2017-17724 CVE-2018-10772 CVE-2018-19607 CVE-2018-8976 CVE-2018-8977 CVE-2018-12265 CVE-2018-20097 CVE-2018-20099 CVE-2018-18915 CVE-2018-10958 CVE-2018-19107 CVE-2018-10998 -- The following packages have been upgraded to a later upstream version: exiv2 (0.27.0). Security Fix(es): * exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp (CVE-2017-17724) * exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp (CVE-2018-8976) * exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (CVE-2018-8977) * exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305) * exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772) * exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress() (CVE-2018-10958) * exiv2: SIGABRT by triggering an incorrect Safe::add call (CVE-2018-10998) * exiv2: information leak via a crafted file (CVE-2018-11037) * exiv2: integer overflow in getData function in preview.cpp (CVE-2018-12264) * exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265) * exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp (CVE-2018-14046) * exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282) * exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581) * exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915) * exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107) * exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108) * exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535) * exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607) * exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096) * exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097) * exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098) * exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099) -- SL7 x86_64 exiv2-libs-0.27.0-2.el7_6.x86_64.rpm exiv2-0.27.0-2.el7_6.x86_64.rpm exiv2-libs-0.27.0-2.el7_6.i686.rpm exiv2-devel-0.27.0-2.el7_6.x86_64.rpm exiv2-devel-0.27.0-2.el7_6.i686.rpm exiv2-doc-0.27.0-2.el7_6.noarch.rpm exiv2-debuginfo-0.27.0-2.el7_6.i686.rpm exiv2-debuginfo-0.27.0-2.el7_6.x86_64.rpm noarch exiv2-doc-0.27.0-2.el7_6.noarch.rpm - Scientific Linux Development Team