Bugzilla – Bug 1188733
VUL-0: CVE-2021-31291: exiv2: A heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata
Last modified: 2024-05-16 14:27:03 UTC
CVE-2021-31291 A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS) via crafted metadata. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31291 https://github.com/Exiv2/exiv2/issues/1529 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31291
tracking as affected: - SUSE:SLE-12:Update/exiv2 - SUSE:SLE-15:Update/exiv2
submitted to SLE12 and SLE15. older versions are not affected.
This is an autogenerated message for OBS integration: This bug (1188733) was mentioned in https://build.opensuse.org/request/show/1006717 Factory / exiv2
SUSE-SU-2022:3543-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1186192,1188733 CVE References: CVE-2021-31291,CVE-2021-32617 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): exiv2-0.23-12.11.1 SUSE Linux Enterprise Server 12-SP5 (src): exiv2-0.23-12.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3598-1: An update that fixes 15 vulnerabilities is now available. Category: security (important) Bug References: 1076579,1086798,1086810,1092096,1114690,1185447,1186192,1188733,1188756,1189330,1189331,1189332,1189333,1189636,1189780 CVE References: CVE-2018-10772,CVE-2018-18915,CVE-2018-5772,CVE-2018-8976,CVE-2018-8977,CVE-2020-18898,CVE-2020-18899,CVE-2021-29470,CVE-2021-31291,CVE-2021-31292,CVE-2021-32617,CVE-2021-37618,CVE-2021-37619,CVE-2021-37620,CVE-2021-37621 JIRA References: Sources used: openSUSE Leap 15.4 (src): exiv2-0.26-150000.6.16.1 openSUSE Leap 15.3 (src): exiv2-0.26-150000.6.16.1 SUSE Manager Server 4.1 (src): exiv2-0.26-150000.6.16.1 SUSE Manager Retail Branch Server 4.1 (src): exiv2-0.26-150000.6.16.1 SUSE Manager Proxy 4.1 (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise Server for SAP 15 (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise Server 15-LTSS (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): exiv2-0.26-150000.6.16.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): exiv2-0.26-150000.6.16.1 SUSE Enterprise Storage 7 (src): exiv2-0.26-150000.6.16.1 SUSE Enterprise Storage 6 (src): exiv2-0.26-150000.6.16.1 SUSE CaaS Platform 4.0 (src): exiv2-0.26-150000.6.16.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3889-1: An update that solves 15 vulnerabilities, contains one feature and has one errata is now available. Category: security (important) Bug References: 1068871,1142675,1142679,1185002,1185218,1185447,1185913,1186053,1186192,1188645,1188733,1189332,1189333,1189334,1189335,1189338 CVE References: CVE-2017-1000128,CVE-2019-13108,CVE-2019-13111,CVE-2020-19716,CVE-2021-29457,CVE-2021-29463,CVE-2021-29470,CVE-2021-29623,CVE-2021-31291,CVE-2021-32617,CVE-2021-34334,CVE-2021-37620,CVE-2021-37621,CVE-2021-37622,CVE-2021-37623 JIRA References: PED-1393 Sources used: openSUSE Leap 15.4 (src): exiv2-0.27.5-150400.15.4.1, exiv2-0_26-0.26-150400.9.16.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): exiv2-0.27.5-150400.15.4.1, exiv2-0_26-0.26-150400.9.16.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:4252-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 1119562,1142681,1185002,1186231,1188733,1189332,1189337,1189338 CVE References: CVE-2018-20097,CVE-2019-13112,CVE-2021-29457,CVE-2021-29473,CVE-2021-31291,CVE-2021-32815,CVE-2021-34334,CVE-2021-37620 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): exiv2-0.23-12.18.1 SUSE OpenStack Cloud 9 (src): exiv2-0.23-12.18.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): exiv2-0.23-12.18.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): exiv2-0.23-12.18.1 SUSE Linux Enterprise Server 12-SP5 (src): exiv2-0.23-12.18.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): exiv2-0.23-12.18.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): exiv2-0.23-12.18.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): exiv2-0.23-12.18.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.