exiv2-0.27.5-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12063-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z exiv2-0.27.5-2.1 on GA media These are all security issues fixed in the exiv2-0.27.5-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12063 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-29623/ SUSE CVE CVE-2021-29623 page openSUSE Tumbleweed exiv2-0.27.5-2.1 exiv2-lang-0.27.5-2.1 libexiv2-27-0.27.5-2.1 libexiv2-27-32bit-0.27.5-2.1 libexiv2-devel-0.27.5-2.1 libexiv2-xmp-static-0.27.5-2.1 exiv2-0.27.5-2.1 as a component of openSUSE Tumbleweed exiv2-lang-0.27.5-2.1 as a component of openSUSE Tumbleweed libexiv2-27-0.27.5-2.1 as a component of openSUSE Tumbleweed libexiv2-27-32bit-0.27.5-2.1 as a component of openSUSE Tumbleweed libexiv2-devel-0.27.5-2.1 as a component of openSUSE Tumbleweed libexiv2-xmp-static-0.27.5-2.1 as a component of openSUSE Tumbleweed Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. CVE-2021-29623 openSUSE Tumbleweed:exiv2-0.27.5-2.1 openSUSE Tumbleweed:exiv2-lang-0.27.5-2.1 openSUSE Tumbleweed:libexiv2-27-0.27.5-2.1 openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-2.1 openSUSE Tumbleweed:libexiv2-devel-0.27.5-2.1 openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-29623.html CVE-2021-29623 https://bugzilla.suse.com/1186053 SUSE Bug 1186053