Description
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 12 | | =0.27.6-1 || =0.28.0+dfsg-1 || =0.28.0+dfsg-2 || =0.28.0+dfsg-3 || =0.28.0+dfsg-4 || =0.28.1+dfsg-1 || =0.28.1+dfsg-2 || =0.28.1+dfsg-3 || =0.28.2+dfsg-1 || =0.28.3+dfsg-1 || =0.28.3+dfsg-2 || =0.28.4+dfsg-1 || =0.28.4+dfsg-2 || =0.28.5+dfsg-1 || =0.28.7+dfsg-1 || =0.28.7+dfsg-2 || =0.28.8+dfsg-1 | - |
debian 14 | | =0.28.5+dfsg-1 || =0.28.7+dfsg-1 || =0.28.7+dfsg-2 || >=0 <0.28.8+dfsg-1 | 0.28.8+dfsg-1 |
debian 13 | | =0.28.5+dfsg-1 || =0.28.7+dfsg-1 || =0.28.7+dfsg-2 || =0.28.8+dfsg-1 | - |
debian 11 | | =0.27.3-3 || =0.27.3-3+deb11u1 || =0.27.3-3+deb11u2 || =0.27.3-3.1 || =0.27.5-1 || =0.27.5-2 || =0.27.5-3 || =0.27.5-4 || =0.27.6-1 || =0.28.0+dfsg-1 || =0.28.0+dfsg-2 || =0.28.0+dfsg-3 || =0.28.0+dfsg-4 || =0.28.1+dfsg-1 || =0.28.1+dfsg-2 || =0.28.1+dfsg-3 || =0.28.2+dfsg-1 || =0.28.3+dfsg-1 || =0.28.3+dfsg-2 || =0.28.4+dfsg-1 || =0.28.4+dfsg-2 || =0.28.5+dfsg-1 || =0.28.7+dfsg-1 || =0.28.7+dfsg-2 || =0.28.8+dfsg-1 | - |
 rpm rhel6 | | - | - |
rpm rhel7 | | - | - |
rpm rhel8 | | - | - |
rpm rhel7 | | - | - |
rpm rhel7 | | - | - |
rpm rhel8 | | - | - |
