Security update for exiv2-0_26 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0231-1 Final 1 1 2026-01-22T12:22:53Z current 2026-01-22T12:22:53Z 2026-01-22T12:22:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for exiv2-0_26 This update for exiv2-0_26 fixes the following issues: Add reference for previously fixed issue: - CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing code of `JpegBase::readMetadata` (bsc#1248963). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-231,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-231,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-231,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-231,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-231,openSUSE-SLE-15.6-2026-231 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260231-1/ Link for SUSE-SU-2026:0231-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023854.html E-Mail link for SUSE-SU-2026:0231-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1248963 SUSE Bug 1248963 https://www.suse.com/security/cve/CVE-2025-55304/ SUSE CVE CVE-2025-55304 page SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 openSUSE Leap 15.6 libexiv2-26-0.26-150400.9.27.1 libexiv2-26-32bit-0.26-150400.9.27.1 libexiv2-26-64bit-0.26-150400.9.27.1 libexiv2-26-0.26-150400.9.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libexiv2-26-0.26-150400.9.27.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libexiv2-26-0.26-150400.9.27.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libexiv2-26-0.26-150400.9.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libexiv2-26-0.26-150400.9.27.1 as a component of openSUSE Leap 15.6 libexiv2-26-32bit-0.26-150400.9.27.1 as a component of openSUSE Leap 15.6 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6. CVE-2025-55304 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libexiv2-26-0.26-150400.9.27.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libexiv2-26-0.26-150400.9.27.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libexiv2-26-0.26-150400.9.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libexiv2-26-0.26-150400.9.27.1 openSUSE Leap 15.6:libexiv2-26-0.26-150400.9.27.1 openSUSE Leap 15.6:libexiv2-26-32bit-0.26-150400.9.27.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260231-1/ https://www.suse.com/security/cve/CVE-2025-55304.html CVE-2025-55304 https://bugzilla.suse.com/1248963 SUSE Bug 1248963