{"affected":[{"ecosystem_specific":{"binaries":[{"exiv2":"0.26-lp151.7.3.1","exiv2-lang":"0.26-lp151.7.3.1","libexiv2-26":"0.26-lp151.7.3.1","libexiv2-26-32bit":"0.26-lp151.7.3.1","libexiv2-devel":"0.26-lp151.7.3.1","libexiv2-doc":"0.26-lp151.7.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"exiv2","purl":"pkg:rpm/opensuse/exiv2&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.26-lp151.7.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for exiv2 fixes the following issues:\n\nexiv2 was updated to latest 0.26 branch, fixing bugs and security issues:\n\n- CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873).\n- CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973).\n- CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which\n  might have led to an out-of-bounds read (bsc#1097600).\n- CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have \n  led to memory corruption (bsc#1097599).\n- CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175).\n- CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176).\n- CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299).\n- CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have \n  led to infinite loop (bsc#1115364).\n- CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial \n  of service (bsc#1117513).\n- CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to \n  information leak or denial of service (bsc#1088424).\n- CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via \n  a crafted response of a malicious HTTP server (bsc#1142684).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:0482-1","modified":"2020-04-08T18:18:55Z","published":"2020-04-08T18:18:55Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U7X32HSPSOKHILGP4IPOOWMROAKSPGIY/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1040973"},{"type":"REPORT","url":"https://bugzilla.suse.com/1068873"},{"type":"REPORT","url":"https://bugzilla.suse.com/1088424"},{"type":"REPORT","url":"https://bugzilla.suse.com/1097599"},{"type":"REPORT","url":"https://bugzilla.suse.com/1097600"},{"type":"REPORT","url":"https://bugzilla.suse.com/1109175"},{"type":"REPORT","url":"https://bugzilla.suse.com/1109176"},{"type":"REPORT","url":"https://bugzilla.suse.com/1109299"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115364"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117513"},{"type":"REPORT","url":"https://bugzilla.suse.com/1142684"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-1000126"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9239"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12264"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12265"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17229"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17230"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17282"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19108"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19607"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-9305"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-13114"}],"related":["CVE-2017-1000126","CVE-2017-9239","CVE-2018-12264","CVE-2018-12265","CVE-2018-17229","CVE-2018-17230","CVE-2018-17282","CVE-2018-19108","CVE-2018-19607","CVE-2018-9305","CVE-2019-13114"],"summary":"Security update for exiv2","upstream":["CVE-2017-1000126","CVE-2017-9239","CVE-2018-12264","CVE-2018-12265","CVE-2018-17229","CVE-2018-17230","CVE-2018-17282","CVE-2018-19108","CVE-2018-19607","CVE-2018-9305","CVE-2019-13114"]}