Exiv2: Multiple Vulnerabilities
Multiple vulnerabilities have been discovered in Exiv2, the worst of which can lead to remote code execution.
exiv2
2023-12-22
2023-12-22
785646
807346
917650
local and remote
0.28.1
0.28.1
Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files.
Multiple vulnerabilities have been discovered in Exiv2. Please review the CVE identifiers referenced below for details.
Please review the referenced CVE identifiers for details.
There is no known workaround at this time.
All Exiv2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.1"
CVE-2020-18771
CVE-2020-18773
CVE-2020-18774
CVE-2020-18899
CVE-2021-29457
CVE-2021-29458
CVE-2021-29463
CVE-2021-29464
CVE-2021-29470
CVE-2021-29473
CVE-2021-29623
CVE-2021-31291
CVE-2021-31292
CVE-2021-32617
CVE-2021-32815
CVE-2021-34334
CVE-2021-34335
CVE-2021-37615
CVE-2021-37616
CVE-2021-37618
CVE-2021-37619
CVE-2021-37620
CVE-2021-37621
CVE-2021-37622
CVE-2021-37623
CVE-2023-44398
graaff
graaff