Description
Security update for exiv2-0_26
This update for exiv2-0_26 fixes the following issues:
Add reference for previously fixed issue:
- CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing code of JpegBase::readMetadata (bsc#1248963).
Package list
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libexiv2-26-0.26-150400.9.27.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libexiv2-26-0.26-150400.9.27.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libexiv2-26-0.26-150400.9.27.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libexiv2-26-0.26-150400.9.27.1
openSUSE Leap 15.6
libexiv2-26-0.26-150400.9.27.1
libexiv2-26-32bit-0.26-150400.9.27.1
References
- Link for SUSE-SU-2026:0231-1
- E-Mail link for SUSE-SU-2026:0231-1
- SUSE Security Ratings
- SUSE Bug 1248963
- SUSE CVE CVE-2025-55304 page
Description
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in JpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted JPEG image file. The bug is fixed in version 0.28.6.
Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libexiv2-26-0.26-150400.9.27.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libexiv2-26-0.26-150400.9.27.1
SUSE Linux Enterprise Server 15 SP4-LTSS:libexiv2-26-0.26-150400.9.27.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4:libexiv2-26-0.26-150400.9.27.1
References
- CVE-2025-55304
- SUSE Bug 1248963