Bugzilla – Bug 1188645
VUL-0: CVE-2020-19716: exiv2: A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).
Last modified: 2022-11-07 20:22:33 UTC
CVE-2020-19716

A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19716
https://github.com/Exiv2/exiv2/issues/980
fix is here https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3
Code in sle15 is affected. Code in sle12 in rafimage.cpp looks simpler and seems unaffected, as it does less weird offset magic. Same for sle11. Considering sle12 and sle11 not affected.
Dirk, can you please submit for SUSE:SLE-15:Update? :)
submitted for SLE15.
This is an autogenerated message for OBS integration: This bug (1188645) was mentioned in https://build.opensuse.org/request/show/1006717 Factory / exiv2
SUSE-SU-2022:3889-1: An update that solves 15 vulnerabilities, contains one feature and has one errata is now available.

Category: security (important)
Bug References: 1068871,1142675,1142679,1185002,1185218,1185447,1185913,1186053,1186192,1188645,1188733,1189332,1189333,1189334,1189335,1189338
CVE References: CVE-2017-1000128,CVE-2019-13108,CVE-2019-13111,CVE-2020-19716,CVE-2021-29457,CVE-2021-29463,CVE-2021-29470,CVE-2021-29623,CVE-2021-31291,CVE-2021-32617,CVE-2021-34334,CVE-2021-37620,CVE-2021-37621,CVE-2021-37622,CVE-2021-37623
JIRA References: PED-1393
Sources used:
openSUSE Leap 15.4 (src): exiv2-0.27.5-150400.15.4.1, exiv2-0_26-0.26-150400.9.16.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): exiv2-0.27.5-150400.15.4.1, exiv2-0_26-0.26-150400.9.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.