[Desktop-packages] [Bug 1923479] Re: out of buffer access and Integer overflow in Exiv2

Launchpad Bug Tracker Mon, 10 May 2021 11:32:04 -0700

This bug was fixed in the package exiv2 - 0.27.3-3ubuntu0.2

---------------
exiv2 (0.27.3-3ubuntu0.2) groovy-security; urgency=medium


  * SECURITY UPDATE: Heap buffer overflow
    - debian/patches/CVE-2021-3482-*.patch: fix buffer overflow
      in src/jp2image.cpp and adds tests test/data/poc_1522.jp2,
      tests/bugfixes/github/test_issue_1522.py.
    - debian/source/include-binaries: add poc_1522.jp2 entry.
    - CVE-2021-3482
  * SECURITY UPDATE: An out of buffer access
    - debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp
      (LP: #1923479)
    - CVE-2021-29457
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp
      (LP: #1923479)
    - CVE-2021-29458
  * SECURITY UPDATE: Out-of-bounds
    - debian/patches/CVE-2021-29470-*.patch: Add more bound checks in
      Jp2Image::encodeJp2Header and add some tests from/for github.
    - CVE-2021-29470

 -- Leonidas Da Silva Barbosa <leo.barb...@canonical.com>  Mon, 12 Apr
2021 15:25:12 -0300

** Changed in: exiv2 (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29470

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3482

** Changed in: exiv2 (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to exiv2 in Ubuntu.
https://bugs.launchpad.net/bugs/1923479

Title:
  out of buffer access and Integer overflow in Exiv2

Status in exiv2 package in Ubuntu:
  Fix Released

Bug description:
  An out of buffer access: 
https://github.com/Exiv2/exiv2/commit/13e5a3e02339b746abcaee6408893ca2fd8e289d
  and a Integer overflow : 
https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0

  affects Exiv2 in ubuntu releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1923479/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1923479] Re: out of buffer access and Integer overflow in Exiv2

Reply via email to