Описание
Security update for exiv2
This update for exiv2 fixes the following issues:
exiv2 was updated to latest 0.26 branch, fixing bugs and security issues:
- CVE-2018-12264, CVE-2018-12265: Integer overflows in the LoaderExifJpeg class could lead to memory corruption (bsc#1097599)
Список пакетов
openSUSE Leap 15.0
exiv2-0.26-lp150.5.6.1
exiv2-lang-0.26-lp150.5.6.1
libexiv2-26-0.26-lp150.5.6.1
libexiv2-26-32bit-0.26-lp150.5.6.1
libexiv2-devel-0.26-lp150.5.6.1
libexiv2-doc-0.26-lp150.5.6.1
Ссылки
- E-Mail link for openSUSE-SU-2018:3306-1
- SUSE Security Ratings
Описание
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
Затронутые продукты
openSUSE Leap 15.0:exiv2-0.26-lp150.5.6.1
openSUSE Leap 15.0:exiv2-lang-0.26-lp150.5.6.1
openSUSE Leap 15.0:libexiv2-26-0.26-lp150.5.6.1
openSUSE Leap 15.0:libexiv2-26-32bit-0.26-lp150.5.6.1
Ссылки
- CVE-2018-12264
- SUSE Bug 1097600
Описание
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
Затронутые продукты
openSUSE Leap 15.0:exiv2-0.26-lp150.5.6.1
openSUSE Leap 15.0:exiv2-lang-0.26-lp150.5.6.1
openSUSE Leap 15.0:libexiv2-26-0.26-lp150.5.6.1
openSUSE Leap 15.0:libexiv2-26-32bit-0.26-lp150.5.6.1
Ссылки
- CVE-2018-12265
- SUSE Bug 1097599