Exiv2: Multiple vulnerabilities — GLSA 201811-14

Multiple vulnerabilities have been found in Exiv2, the worst of which could result in a Denial of Service condition.

Affected Packages

media-gfx/exiv2 on all architectures
Affected versions < 0.26_p20180811-r3
Unaffected versions >= 0.26_p20180811-r3

Background

Exiv2 is a C++ library and a command line utility to manage image metadata.

Description

Multiple vulnerabilities have been discovered in Exiv2. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could cause a Denial of Service condition or obtain sensitive information via a specially crafted file.

Workaround

There is no known workaround at this time.

Resolution

All Exiv2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=media-gfx/exiv2-0.26_p20180811-r3"
 

References

Release Date
November 24, 2018

Latest Revision
November 24, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries