All errata/sisyphus/ALT-PU-2024-2322-2
ALT-PU-2024-2322-2

Package update exiv2 in branch sisyphus

Version0.28.2-alt1
Task#340673
Published2026-02-04
Max severityMEDIUM
Severity:

Closed issues (4)

CVE-2024-24826
MEDIUM5.0

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: 2024-02-12Modified: 2024-11-21
CVSS 3.xMEDIUM 5.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
References
CVE-2024-25112
MEDIUM5.0

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: 2024-02-12Modified: 2024-11-21
CVSS 3.xMEDIUM 5.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
References
GHSA-crmj-qh74-2r36
MEDIUM5.5

Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder

Published: 2024-10-17Modified: 2024-10-23
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
GHSA-g9xm-7538-mq8w
MEDIUM5.5

Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder

Published: 2024-10-17Modified: 2024-10-23
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References