Exiv2: Multiple vulnerabilities — GLSA 201811-14

Multiple vulnerabilities have been found in Exiv2, the worst of which could result in a Denial of Service condition.

Affected packages

media-gfx/exiv2 on all architectures
Affected versions < 0.26_p20180811-r3
Unaffected versions >= 0.26_p20180811-r3

Background

Exiv2 is a C++ library and a command line utility to manage image metadata.

Description

Multiple vulnerabilities have been discovered in Exiv2. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could cause a Denial of Service condition or obtain sensitive information via a specially crafted file.

Workaround

There is no known workaround at this time.

Resolution

All Exiv2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.26_p20180811-r3"
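To triage version strings collected from several hosts against the fixed version stated above, the following added example (not part of the advisory, and not Portage's own code) implements a simplified Gentoo-style version comparison. The names `parse`, `vercmp` and `is_affected` are hypothetical, and the versions in the comments are constructed samples.

```python
import re

FIXED = "0.26_p20180811-r3"  # first unaffected version, taken from the advisory
# Suffix order: _alpha < _beta < _pre < _rc < (no suffix) < _p
RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "p": 1}
VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z]?)((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?$")

def parse(version):
    """Split a version into (numeric parts, letter, suffixes, revision)."""
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"not a Gentoo-style version: {version!r}")
    nums, letter, suffixes, rev = m.groups()
    sufs = [(RANK[n], int(d or 0)) for n, d in re.findall(r"_([a-z]+)(\d*)", suffixes)]
    return nums.split("."), letter, sufs, int(rev or 0)

def _cmp(a, b):
    return (a > b) - (a < b)

def _cmp_part(a, b):
    # Later components with a leading zero compare like decimal fractions.
    if a.startswith("0") or b.startswith("0"):
        return _cmp(a.rstrip("0"), b.rstrip("0"))
    return _cmp(int(a), int(b))

def vercmp(left, right):
    """Return -1, 0 or 1 as left is older than, equal to or newer than right."""
    ln, ll, ls, lr = parse(left)
    rn, rl, rs, rr = parse(right)
    result = _cmp(int(ln[0]), int(rn[0]))
    for a, b in zip(ln[1:], rn[1:]):
        result = result or _cmp_part(a, b)
    result = result or _cmp(len(ln), len(rn)) or _cmp(ll, rl)
    # Pad the shorter suffix list with "no suffix" so a trailing _p sorts newer
    # and a trailing _alpha/_beta/_pre/_rc sorts older.
    width = max(len(ls), len(rs))
    ls = ls + [(0, 0)] * (width - len(ls))
    rs = rs + [(0, 0)] * (width - len(rs))
    return result or _cmp(ls, rs) or _cmp(lr, rr)

def is_affected(installed):
    """True when the installed media-gfx/exiv2 version is older than FIXED."""
    return vercmp(installed, FIXED) < 0

if __name__ == "__main__":
    # Constructed sample inventory, not real host data.
    for v in ("0.25-r2", "0.26_p20180811-r2", "0.26_p20180811-r3", "0.27.1"):
        print(v, "AFFECTED" if is_affected(v) else "ok")
```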
 

References

Release date
November 24, 2018

Latest revision
November 24, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries