Gentoo: GLSA-202312-06: Exiv2: Multiple Vulnerabilities
Summary
Multiple vulnerabilities have been discovered in Exiv2. Please review
the CVE identifiers referenced below for details.
Resolution
All Exiv2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.1"
References
[ 1 ] CVE-2020-18771
https://nvd.nist.gov/vuln/detail/CVE-2020-18771
[ 2 ] CVE-2020-18773
https://nvd.nist.gov/vuln/detail/CVE-2020-18773
[ 3 ] CVE-2020-18774
https://nvd.nist.gov/vuln/detail/CVE-2020-18774
[ 4 ] CVE-2020-18899
https://nvd.nist.gov/vuln/detail/CVE-2020-18899
[ 5 ] CVE-2021-29457
https://nvd.nist.gov/vuln/detail/CVE-2021-29457
[ 6 ] CVE-2021-29458
https://nvd.nist.gov/vuln/detail/CVE-2021-29458
[ 7 ] CVE-2021-29463
https://nvd.nist.gov/vuln/detail/CVE-2021-29463
[ 8 ] CVE-2021-29464
https://nvd.nist.gov/vuln/detail/CVE-2021-29464
[ 9 ] CVE-2021-29470
https://nvd.nist.gov/vuln/detail/CVE-2021-29470
[ 10 ] CVE-2021-29473
https://nvd.nist.gov/vuln/detail/CVE-2021-29473
[ 11 ] CVE-2021-29623
https://nvd.nist.gov/vuln/detail/CVE-2021-29623
[ 12 ] CVE-2021-31291
https://nvd.nist.gov/vuln/detail/CVE-2021-31291
[ 13 ] CVE-2021-31292
https://nvd.nist.gov/vuln/detail/CVE-2021-31292
[ 14 ] CVE-2021-32617
https://nvd.nist.gov/vuln/detail/CVE-2021-32617
[ 15 ] CVE-2021-32815
https://nvd.nist.gov/vuln/detail/CVE-2021-32815
[ 16 ] CVE-2021-34334
https://nvd.nist.gov/vuln/detail/CVE-2021-34334
[ 17 ] CVE-2021-34335
https://nvd.nist.gov/vuln/detail/CVE-2021-34335
[ 18 ] CVE-2021-37615
https://nvd.nist.gov/vuln/detail/CVE-2021-37615
[ 19 ] CVE-2021-37616
https://nvd.nist.gov/vuln/detail/CVE-2021-37616
[ 20 ] CVE-2021-37618
https://nvd.nist.gov/vuln/detail/CVE-2021-37618
[ 21 ] CVE-2021-37619
https://nvd.nist.gov/vuln/detail/CVE-2021-37619
[ 22 ] CVE-2021-37620
https://nvd.nist.gov/vuln/detail/CVE-2021-37620
[ 23 ] CVE-2021-37621
https://nvd.nist.gov/vuln/detail/CVE-2021-37621
[ 24 ] CVE-2021-37622
https://nvd.nist.gov/vuln/detail/CVE-2021-37622
[ 25 ] CVE-2021-37623
https://nvd.nist.gov/vuln/detail/CVE-2021-37623
[ 26 ] CVE-2023-44398
https://nvd.nist.gov/vuln/detail/CVE-2023-44398
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202312-06
Concerns
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been discovered in Exiv2, the worst of
which can lead to remote code execution.
Background
Exiv2 is a C++ library and set of tools for parsing, editing and saving
Exif and IPTC metadata from images. Exif, the Exchangeable image file
format, specifies the addition of metadata tags to JPEG, TIFF and RIFF
files.
Affected Packages
Package Vulnerable Unaffected
--------------- ------------ ------------
media-gfx/exiv2 < 0.28.1 >= 0.28.1
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.