This bug was fixed in the package exiv2 - 0.27.3-3ubuntu0.2
---------------
exiv2 (0.27.3-3ubuntu0.2) groovy-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-3482-*.patch: fix buffer overflow
in src/jp2image.cpp and adds tests test/data/poc_1522.jp2,
tests/bugfixes/github/test_issue_1522.py.
- debian/source/include-binaries: add poc_1522.jp2 entry.
- CVE-2021-3482
* SECURITY UPDATE: An out of buffer access
- debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp
(LP: #1923479)
- CVE-2021-29457
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp
(LP: #1923479)
- CVE-2021-29458
* SECURITY UPDATE: Out-of-bounds
- debian/patches/CVE-2021-29470-*.patch: Add more bound checks in
Jp2Image::encodeJp2Header and add some tests from/for github.
- CVE-2021-29470
-- Leonidas Da Silva Barbosa <leo.barb...@canonical.com> Mon, 12 Apr
2021 15:25:12 -0300
** Changed in: exiv2 (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29470
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3482
** Changed in: exiv2 (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1923479
Title:
out of buffer access and Integer overflow in Exiv2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1923479/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
