Ubuntu
exiv2 package

exiv2 0.27.2-8ubuntu2.6 source package in Ubuntu

Changelog

exiv2 (0.27.2-8ubuntu2.6) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-32815-*.patch: adds a check of sizes, adds
      regression test, adds msgs prints for DEBUG flags in
      src/crwimage_int.cpp.
    - CVE-2021-32815
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-34334-*.patch: adds regression test, adds
      an extra checking to prevent the loop counter from wrapping around in
      crwimage_int.cpp; adds defensive code to avoid integer overflow in loop
      conditions in src/actions.cpp, src/basicio.cpp, src/convert.cpp,
      src/exif.cpp, src/exvi2.cpp, src/iptc.cpp, src/preview.cpp,
      src/tags_int.cpp, src/tiffcomposite_int.cpp, src/types.cpp,
      src/xmp.cpp, src/xmpsidecar.cpp; adds a better fix for a potential
      integer overflow in bytes.size() in src/iptc.cpp; changes type of
      escapeStart to size_t in src/exiv2.cpp; fix warning comparison of
      integer expressions of different signedness in src/iptc.cpp,
      src/tags_int.cpp.
    - CVE-2021-34334
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-34335-*.patch: adds regression test;
      prevent divide-by-zero crash in src/minoltamn_int.cpp; adds defensive
      code in include/exiv2/value.hpp, src/tags_int.cpp.
    - CVE-2021-34335
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-37615-37616-*.patch: adds regression test;
      throw exception if lens info wasn't found in src/pentaxmn_int.cpp;
      adds a check to findKey din't return end() in src/convert.cpp,
      src/crwimage_int.cpp, src/exif.cpp, src/iptc.cpp, src/xmp.cpp.
    - CVE-2021-37615
    - CVE-2021-37616
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-37618-*.patch: adds regression test; adds
      a better bounds checking for Jp2Image::printStructure in
      src/jp2image.cpp.
    - CVE-2021-37618
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-37619-*.patch: adds regression test;
      fix incorrect loop condition in src/jp2image.cpp.
    - CVE-2021-37619
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-37620-*.patch: adds regression test;
      check that type isn't an empty string in src/values.cpp and
      adds safer vector indexing in multiples files in src/*.
    - CVE-2021-37620
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2021-37621-*.patch: adds regression test;
      checks dirlength to avoid infinite loop and adds some defensive code in
      src/image.cpp.
    - CVE-2021-37621
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2021-37622-*.patch: adds regression test; makes sure
      that read is complete to prevent infinite loop and remove dedundant
      check in src/jpgimage.cpp.
    - CVE-2021-37622
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-37623-1.patch: adds regression test.
    - debian/patches/CVE-2021-37623-2.patch: adjusts bufRead after seek() to
      avoid a infinite loop in src/jpgimage.cpp.
    - CVE-2021-37623
  * debian/patches/fix_enforce_include.patch: includes enforce in
    crwimage_int.cpp.

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 12 Aug 2021 13:18:13 -0300

Upload details

Uploaded by:
Leonidas S. Barbosa
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
graphics
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
exiv2_0.27.2.orig.tar.gz 26.3 MiB 2652f56b912711327baff6dc0c90960818211cf7ab79bb5e1eb59320b78d153f
exiv2_0.27.2-8ubuntu2.6.debian.tar.xz 232.9 KiB 3deba9edf615fb725c1fbeceb42c7ff1f44b464cca7b760e1976bd0f251c910c
exiv2_0.27.2-8ubuntu2.6.dsc 2.3 KiB 389ad7e30eecc7f2aed631d59ab9d49e6ec6409e14b7ae2f5adaeb47b866ab8c

View changes file

Binary packages built by this source

exiv2: EXIF/IPTC/XMP metadata manipulation tool

 Exiv2 is a C++ library and a command line utility to manage image metadata.
 It provides fast and easy read and write access to the Exif, IPTC and XMP
 metadata of images in various formats
 .
 Exiv2 command line utility to:
 .
  * print Exif, IPTC and XMP image metadata in different formats:
    - Exif summary info, interpreted values, or the plain data for each tag
  * set, add and delete Exif, IPTC and XMP image metadata from command line
    modify commands or command scripts
  * adjust the Exif timestamp (that's how it all started...)
  * rename Exif image files according to the Exif timestamp
  * extract, insert and delete Exif, IPTC and XMP metadata and JPEG comments
  * extract previews from RAW images and thumbnails from the Exif metadata
  * insert and delete the thumbnail image embedded in the Exif metadata
  * print, set and delete the JPEG comment of JPEG images
  * fix the Exif ISO setting of picture taken with Canon and Nikon cameras

exiv2-dbgsym: debug symbols for exiv2
libexiv2-27: EXIF/IPTC/XMP metadata manipulation library

 Exiv2 is a C++ library and a command line utility to manage image metadata.
 It provides fast and easy read and write access to the Exif, IPTC and XMP
 metadata of images in various formats
 .
 Exiv2 library provides:
  * fast read and write access to the Exif, IPTC, and XMP metadata of an image
  * an easy to use and extensively documented API
  * conversions of Exif and IPTC metadata to XMP and vice versa
  * a smart IPTC implementation that does not affect data that programs like
    Photoshop store in the same image segment
  * Exif Makernote support:
    - Makernote tags can be read and written just like any other metadata
    - a sophisticated write algorithm avoids corrupting the Makernote
  * a simple interface to extract previews embedded in RAW images and Exif
    thumbnails
  * set and delete methods for Exif thumbnails

libexiv2-27-dbgsym: debug symbols for libexiv2-27
libexiv2-dev: EXIF/IPTC/XMP metadata manipulation library - development files

 Exiv2 is a C++ library and a command line utility to manage image metadata.
 It provides fast and easy read and write access to the Exif, IPTC and XMP
 metadata of images in various formats
 .
 This package provides the development files for using exiv2.

libexiv2-doc: EXIF/IPTC/XMP metadata manipulation library - HTML documentation

 Exiv2 is a C++ library and a command line utility to manage image metadata.
 It provides fast and easy read and write access to the Exif, IPTC and XMP
 metadata of images in various formats
 .
 This package provides the Exiv2 HTML documentation.