Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-13114 (GCVE-0-2019-13114)
Vulnerability from cvelistv5
Published
2019-06-30 00:00
Modified
2024-08-04 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/793"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/815"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/793"
},
{
"url": "https://github.com/Exiv2/exiv2/pull/815"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
},
{
"url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13114",
"datePublished": "2019-06-30T00:00:00",
"dateReserved": "2019-06-30T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-13114\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-30T23:15:10.267\",\"lastModified\":\"2024-11-21T04:24:13.160\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.\"},{\"lang\":\"es\",\"value\":\"En el archivo http.c en Exiv2 hasta la versi\u00f3n 0.27.1, permite a un servidor http malicioso causar una denegaci\u00f3n de servicio (bloqueo debido a una desreferencia del puntero NULL) mediante el retorno de una respuesta creada que carece de un car\u00e1cter espacio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.27.1\",\"matchCriteriaId\":\"4BFA28DF-4BFE-4CA7-A2F7-F471F91B856E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/Exiv2/exiv2/issues/793\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Exiv2/exiv2/pull/815\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4056-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/Exiv2/exiv2/issues/793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Exiv2/exiv2/pull/815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4056-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
gsd-2019-13114
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-13114",
"description": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.",
"id": "GSD-2019-13114",
"references": [
"https://www.suse.com/security/cve/CVE-2019-13114.html",
"https://access.redhat.com/errata/RHSA-2020:1577",
"https://ubuntu.com/security/CVE-2019-13114",
"https://advisories.mageia.org/CVE-2019-13114.html",
"https://linux.oracle.com/cve/CVE-2019-13114.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-13114"
],
"details": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.",
"id": "GSD-2019-13114",
"modified": "2023-12-13T01:23:41.782297Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/793",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/793"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/815",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/pull/815"
},
{
"name": "USN-4056-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
},
{
"name": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "openSUSE-SU-2020:0482",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.27.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13114"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/793",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Exiv2/exiv2/issues/793"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/815",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Exiv2/exiv2/pull/815"
},
{
"name": "USN-4056-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
},
{
"name": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "openSUSE-SU-2020:0482",
"refsource": "SUSE",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-01-13T16:09Z",
"publishedDate": "2019-06-30T23:15Z"
}
}
}
opensuse-su-2020:0482-1
Vulnerability from csaf_opensuse
Published
2020-04-08 18:18
Modified
2020-04-08 18:18
Summary
Security update for exiv2
Notes
Title of the patch
Security update for exiv2
Description of the patch
This update for exiv2 fixes the following issues:
exiv2 was updated to latest 0.26 branch, fixing bugs and security issues:
- CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873).
- CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973).
- CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which
might have led to an out-of-bounds read (bsc#1097600).
- CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have
led to memory corruption (bsc#1097599).
- CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175).
- CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176).
- CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299).
- CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have
led to infinite loop (bsc#1115364).
- CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial
of service (bsc#1117513).
- CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to
to information leak or denial of service (bsc#1088424).
- CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via
a crafted response of an malicious http server (bsc#1142684).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-482
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for exiv2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for exiv2 fixes the following issues:\n\nexiv2 was updated to latest 0.26 branch, fixing bugs and security issues:\n\n- CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873).\n- CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973).\n- CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which\n might have led to an out-of-bounds read (bsc#1097600).\n- CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have \n led to memory corruption (bsc#1097599).\n- CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175).\n- CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176).\n- CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299).\n- CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have \n led to infinite loop (bsc#1115364).\n- CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial \n of service (bsc#1117513).\n- CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to \n to information leak or denial of service (bsc#1088424).\n- CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via \n a crafted response of an malicious http server (bsc#1142684).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-482",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0482-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0482-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U7X32HSPSOKHILGP4IPOOWMROAKSPGIY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0482-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U7X32HSPSOKHILGP4IPOOWMROAKSPGIY/"
},
{
"category": "self",
"summary": "SUSE Bug 1040973",
"url": "https://bugzilla.suse.com/1040973"
},
{
"category": "self",
"summary": "SUSE Bug 1068873",
"url": "https://bugzilla.suse.com/1068873"
},
{
"category": "self",
"summary": "SUSE Bug 1088424",
"url": "https://bugzilla.suse.com/1088424"
},
{
"category": "self",
"summary": "SUSE Bug 1097599",
"url": "https://bugzilla.suse.com/1097599"
},
{
"category": "self",
"summary": "SUSE Bug 1097600",
"url": "https://bugzilla.suse.com/1097600"
},
{
"category": "self",
"summary": "SUSE Bug 1109175",
"url": "https://bugzilla.suse.com/1109175"
},
{
"category": "self",
"summary": "SUSE Bug 1109176",
"url": "https://bugzilla.suse.com/1109176"
},
{
"category": "self",
"summary": "SUSE Bug 1109299",
"url": "https://bugzilla.suse.com/1109299"
},
{
"category": "self",
"summary": "SUSE Bug 1115364",
"url": "https://bugzilla.suse.com/1115364"
},
{
"category": "self",
"summary": "SUSE Bug 1117513",
"url": "https://bugzilla.suse.com/1117513"
},
{
"category": "self",
"summary": "SUSE Bug 1142684",
"url": "https://bugzilla.suse.com/1142684"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000126 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9239 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12264 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12265 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17229 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17230 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17282 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19108 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19607 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-9305 page",
"url": "https://www.suse.com/security/cve/CVE-2018-9305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13114 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13114/"
}
],
"title": "Security update for exiv2",
"tracking": {
"current_release_date": "2020-04-08T18:18:55Z",
"generator": {
"date": "2020-04-08T18:18:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0482-1",
"initial_release_date": "2020-04-08T18:18:55Z",
"revision_history": [
{
"date": "2020-04-08T18:18:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.26-lp151.7.3.1.i586",
"product": {
"name": "exiv2-0.26-lp151.7.3.1.i586",
"product_id": "exiv2-0.26-lp151.7.3.1.i586"
}
},
{
"category": "product_version",
"name": "libexiv2-26-0.26-lp151.7.3.1.i586",
"product": {
"name": "libexiv2-26-0.26-lp151.7.3.1.i586",
"product_id": "libexiv2-26-0.26-lp151.7.3.1.i586"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.26-lp151.7.3.1.i586",
"product": {
"name": "libexiv2-devel-0.26-lp151.7.3.1.i586",
"product_id": "libexiv2-devel-0.26-lp151.7.3.1.i586"
}
},
{
"category": "product_version",
"name": "libexiv2-doc-0.26-lp151.7.3.1.i586",
"product": {
"name": "libexiv2-doc-0.26-lp151.7.3.1.i586",
"product_id": "libexiv2-doc-0.26-lp151.7.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-lang-0.26-lp151.7.3.1.noarch",
"product": {
"name": "exiv2-lang-0.26-lp151.7.3.1.noarch",
"product_id": "exiv2-lang-0.26-lp151.7.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.26-lp151.7.3.1.x86_64",
"product": {
"name": "exiv2-0.26-lp151.7.3.1.x86_64",
"product_id": "exiv2-0.26-lp151.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-26-0.26-lp151.7.3.1.x86_64",
"product": {
"name": "libexiv2-26-0.26-lp151.7.3.1.x86_64",
"product_id": "libexiv2-26-0.26-lp151.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"product": {
"name": "libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"product_id": "libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"product": {
"name": "libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"product_id": "libexiv2-devel-0.26-lp151.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-doc-0.26-lp151.7.3.1.x86_64",
"product": {
"name": "libexiv2-doc-0.26-lp151.7.3.1.x86_64",
"product_id": "libexiv2-doc-0.26-lp151.7.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0.26-lp151.7.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586"
},
"product_reference": "exiv2-0.26-lp151.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0.26-lp151.7.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64"
},
"product_reference": "exiv2-0.26-lp151.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-lang-0.26-lp151.7.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch"
},
"product_reference": "exiv2-lang-0.26-lp151.7.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-26-0.26-lp151.7.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586"
},
"product_reference": "libexiv2-26-0.26-lp151.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-26-0.26-lp151.7.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64"
},
"product_reference": "libexiv2-26-0.26-lp151.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64"
},
"product_reference": "libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-devel-0.26-lp151.7.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586"
},
"product_reference": "libexiv2-devel-0.26-lp151.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-devel-0.26-lp151.7.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64"
},
"product_reference": "libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-doc-0.26-lp151.7.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586"
},
"product_reference": "libexiv2-doc-0.26-lp151.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-doc-0.26-lp151.7.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
},
"product_reference": "libexiv2-doc-0.26-lp151.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-1000126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000126"
}
],
"notes": [
{
"category": "general",
"text": "exiv2 0.26 contains a Stack out of bounds read in webp parser",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000126",
"url": "https://www.suse.com/security/cve/CVE-2017-1000126"
},
{
"category": "external",
"summary": "SUSE Bug 1068873 for CVE-2017-1000126",
"url": "https://bugzilla.suse.com/1068873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "moderate"
}
],
"title": "CVE-2017-1000126"
},
{
"cve": "CVE-2017-9239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9239"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9239",
"url": "https://www.suse.com/security/cve/CVE-2017-9239"
},
{
"category": "external",
"summary": "SUSE Bug 1040973 for CVE-2017-9239",
"url": "https://bugzilla.suse.com/1040973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "low"
}
],
"title": "CVE-2017-9239"
},
{
"cve": "CVE-2018-12264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12264"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12264",
"url": "https://www.suse.com/security/cve/CVE-2018-12264"
},
{
"category": "external",
"summary": "SUSE Bug 1097600 for CVE-2018-12264",
"url": "https://bugzilla.suse.com/1097600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "low"
}
],
"title": "CVE-2018-12264"
},
{
"cve": "CVE-2018-12265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12265"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12265",
"url": "https://www.suse.com/security/cve/CVE-2018-12265"
},
{
"category": "external",
"summary": "SUSE Bug 1097599 for CVE-2018-12265",
"url": "https://bugzilla.suse.com/1097599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "low"
}
],
"title": "CVE-2018-12265"
},
{
"cve": "CVE-2018-17229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17229"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17229",
"url": "https://www.suse.com/security/cve/CVE-2018-17229"
},
{
"category": "external",
"summary": "SUSE Bug 1109175 for CVE-2018-17229",
"url": "https://bugzilla.suse.com/1109175"
},
{
"category": "external",
"summary": "SUSE Bug 1109176 for CVE-2018-17229",
"url": "https://bugzilla.suse.com/1109176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "low"
}
],
"title": "CVE-2018-17229"
},
{
"cve": "CVE-2018-17230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17230"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17230",
"url": "https://www.suse.com/security/cve/CVE-2018-17230"
},
{
"category": "external",
"summary": "SUSE Bug 1109176 for CVE-2018-17230",
"url": "https://bugzilla.suse.com/1109176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-17230"
},
{
"cve": "CVE-2018-17282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17282"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17282",
"url": "https://www.suse.com/security/cve/CVE-2018-17282"
},
{
"category": "external",
"summary": "SUSE Bug 1109299 for CVE-2018-17282",
"url": "https://bugzilla.suse.com/1109299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "low"
}
],
"title": "CVE-2018-17282"
},
{
"cve": "CVE-2018-19108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19108"
}
],
"notes": [
{
"category": "general",
"text": "In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19108",
"url": "https://www.suse.com/security/cve/CVE-2018-19108"
},
{
"category": "external",
"summary": "SUSE Bug 1115364 for CVE-2018-19108",
"url": "https://bugzilla.suse.com/1115364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "low"
}
],
"title": "CVE-2018-19108"
},
{
"cve": "CVE-2018-19607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19607"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19607",
"url": "https://www.suse.com/security/cve/CVE-2018-19607"
},
{
"category": "external",
"summary": "SUSE Bug 1117513 for CVE-2018-19607",
"url": "https://bugzilla.suse.com/1117513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "low"
}
],
"title": "CVE-2018-19607"
},
{
"cve": "CVE-2018-9305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-9305"
}
],
"notes": [
{
"category": "general",
"text": "In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the \"== 0x1c\" case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-9305",
"url": "https://www.suse.com/security/cve/CVE-2018-9305"
},
{
"category": "external",
"summary": "SUSE Bug 1088424 for CVE-2018-9305",
"url": "https://bugzilla.suse.com/1088424"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "low"
}
],
"title": "CVE-2018-9305"
},
{
"cve": "CVE-2019-13114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13114"
}
],
"notes": [
{
"category": "general",
"text": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13114",
"url": "https://www.suse.com/security/cve/CVE-2019-13114"
},
{
"category": "external",
"summary": "SUSE Bug 1142684 for CVE-2019-13114",
"url": "https://bugzilla.suse.com/1142684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:exiv2-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:exiv2-lang-0.26-lp151.7.3.1.noarch",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-26-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-26-32bit-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-devel-0.26-lp151.7.3.1.x86_64",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.i586",
"openSUSE Leap 15.1:libexiv2-doc-0.26-lp151.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-08T18:18:55Z",
"details": "moderate"
}
],
"title": "CVE-2019-13114"
}
]
}
opensuse-su-2024:12399-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
exiv2-0.27.5-4.1 on GA media
Notes
Title of the patch
exiv2-0.27.5-4.1 on GA media
Description of the patch
These are all security issues fixed in the exiv2-0.27.5-4.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12399
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "exiv2-0.27.5-4.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the exiv2-0.27.5-4.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12399",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12399-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000126 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9239 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17229 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17230 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17282 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19108 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19607 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-9305 page",
"url": "https://www.suse.com/security/cve/CVE-2018-9305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13114 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13114/"
}
],
"title": "exiv2-0.27.5-4.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12399-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.27.5-4.1.aarch64",
"product": {
"name": "exiv2-0.27.5-4.1.aarch64",
"product_id": "exiv2-0.27.5-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "exiv2-lang-0.27.5-4.1.aarch64",
"product": {
"name": "exiv2-lang-0.27.5-4.1.aarch64",
"product_id": "exiv2-lang-0.27.5-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexiv2-27-0.27.5-4.1.aarch64",
"product": {
"name": "libexiv2-27-0.27.5-4.1.aarch64",
"product_id": "libexiv2-27-0.27.5-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexiv2-27-32bit-0.27.5-4.1.aarch64",
"product": {
"name": "libexiv2-27-32bit-0.27.5-4.1.aarch64",
"product_id": "libexiv2-27-32bit-0.27.5-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.27.5-4.1.aarch64",
"product": {
"name": "libexiv2-devel-0.27.5-4.1.aarch64",
"product_id": "libexiv2-devel-0.27.5-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexiv2-xmp-static-0.27.5-4.1.aarch64",
"product": {
"name": "libexiv2-xmp-static-0.27.5-4.1.aarch64",
"product_id": "libexiv2-xmp-static-0.27.5-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.27.5-4.1.ppc64le",
"product": {
"name": "exiv2-0.27.5-4.1.ppc64le",
"product_id": "exiv2-0.27.5-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "exiv2-lang-0.27.5-4.1.ppc64le",
"product": {
"name": "exiv2-lang-0.27.5-4.1.ppc64le",
"product_id": "exiv2-lang-0.27.5-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexiv2-27-0.27.5-4.1.ppc64le",
"product": {
"name": "libexiv2-27-0.27.5-4.1.ppc64le",
"product_id": "libexiv2-27-0.27.5-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"product": {
"name": "libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"product_id": "libexiv2-27-32bit-0.27.5-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.27.5-4.1.ppc64le",
"product": {
"name": "libexiv2-devel-0.27.5-4.1.ppc64le",
"product_id": "libexiv2-devel-0.27.5-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"product": {
"name": "libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"product_id": "libexiv2-xmp-static-0.27.5-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.27.5-4.1.s390x",
"product": {
"name": "exiv2-0.27.5-4.1.s390x",
"product_id": "exiv2-0.27.5-4.1.s390x"
}
},
{
"category": "product_version",
"name": "exiv2-lang-0.27.5-4.1.s390x",
"product": {
"name": "exiv2-lang-0.27.5-4.1.s390x",
"product_id": "exiv2-lang-0.27.5-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libexiv2-27-0.27.5-4.1.s390x",
"product": {
"name": "libexiv2-27-0.27.5-4.1.s390x",
"product_id": "libexiv2-27-0.27.5-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libexiv2-27-32bit-0.27.5-4.1.s390x",
"product": {
"name": "libexiv2-27-32bit-0.27.5-4.1.s390x",
"product_id": "libexiv2-27-32bit-0.27.5-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.27.5-4.1.s390x",
"product": {
"name": "libexiv2-devel-0.27.5-4.1.s390x",
"product_id": "libexiv2-devel-0.27.5-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libexiv2-xmp-static-0.27.5-4.1.s390x",
"product": {
"name": "libexiv2-xmp-static-0.27.5-4.1.s390x",
"product_id": "libexiv2-xmp-static-0.27.5-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.27.5-4.1.x86_64",
"product": {
"name": "exiv2-0.27.5-4.1.x86_64",
"product_id": "exiv2-0.27.5-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "exiv2-lang-0.27.5-4.1.x86_64",
"product": {
"name": "exiv2-lang-0.27.5-4.1.x86_64",
"product_id": "exiv2-lang-0.27.5-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-27-0.27.5-4.1.x86_64",
"product": {
"name": "libexiv2-27-0.27.5-4.1.x86_64",
"product_id": "libexiv2-27-0.27.5-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-27-32bit-0.27.5-4.1.x86_64",
"product": {
"name": "libexiv2-27-32bit-0.27.5-4.1.x86_64",
"product_id": "libexiv2-27-32bit-0.27.5-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.27.5-4.1.x86_64",
"product": {
"name": "libexiv2-devel-0.27.5-4.1.x86_64",
"product_id": "libexiv2-devel-0.27.5-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-xmp-static-0.27.5-4.1.x86_64",
"product": {
"name": "libexiv2-xmp-static-0.27.5-4.1.x86_64",
"product_id": "libexiv2-xmp-static-0.27.5-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0.27.5-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64"
},
"product_reference": "exiv2-0.27.5-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0.27.5-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le"
},
"product_reference": "exiv2-0.27.5-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0.27.5-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x"
},
"product_reference": "exiv2-0.27.5-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0.27.5-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64"
},
"product_reference": "exiv2-0.27.5-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-lang-0.27.5-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64"
},
"product_reference": "exiv2-lang-0.27.5-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-lang-0.27.5-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le"
},
"product_reference": "exiv2-lang-0.27.5-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-lang-0.27.5-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x"
},
"product_reference": "exiv2-lang-0.27.5-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-lang-0.27.5-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64"
},
"product_reference": "exiv2-lang-0.27.5-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-27-0.27.5-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64"
},
"product_reference": "libexiv2-27-0.27.5-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-27-0.27.5-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le"
},
"product_reference": "libexiv2-27-0.27.5-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-27-0.27.5-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x"
},
"product_reference": "libexiv2-27-0.27.5-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-27-0.27.5-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64"
},
"product_reference": "libexiv2-27-0.27.5-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-27-32bit-0.27.5-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64"
},
"product_reference": "libexiv2-27-32bit-0.27.5-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-27-32bit-0.27.5-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le"
},
"product_reference": "libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-27-32bit-0.27.5-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x"
},
"product_reference": "libexiv2-27-32bit-0.27.5-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-27-32bit-0.27.5-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64"
},
"product_reference": "libexiv2-27-32bit-0.27.5-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-devel-0.27.5-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64"
},
"product_reference": "libexiv2-devel-0.27.5-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-devel-0.27.5-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le"
},
"product_reference": "libexiv2-devel-0.27.5-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-devel-0.27.5-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x"
},
"product_reference": "libexiv2-devel-0.27.5-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-devel-0.27.5-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64"
},
"product_reference": "libexiv2-devel-0.27.5-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-xmp-static-0.27.5-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64"
},
"product_reference": "libexiv2-xmp-static-0.27.5-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-xmp-static-0.27.5-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le"
},
"product_reference": "libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-xmp-static-0.27.5-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x"
},
"product_reference": "libexiv2-xmp-static-0.27.5-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-xmp-static-0.27.5-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
},
"product_reference": "libexiv2-xmp-static-0.27.5-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-1000126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000126"
}
],
"notes": [
{
"category": "general",
"text": "exiv2 0.26 contains a Stack out of bounds read in webp parser",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000126",
"url": "https://www.suse.com/security/cve/CVE-2017-1000126"
},
{
"category": "external",
"summary": "SUSE Bug 1068873 for CVE-2017-1000126",
"url": "https://bugzilla.suse.com/1068873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-1000126"
},
{
"cve": "CVE-2017-9239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9239"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9239",
"url": "https://www.suse.com/security/cve/CVE-2017-9239"
},
{
"category": "external",
"summary": "SUSE Bug 1040973 for CVE-2017-9239",
"url": "https://bugzilla.suse.com/1040973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-9239"
},
{
"cve": "CVE-2018-17229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17229"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17229",
"url": "https://www.suse.com/security/cve/CVE-2018-17229"
},
{
"category": "external",
"summary": "SUSE Bug 1109175 for CVE-2018-17229",
"url": "https://bugzilla.suse.com/1109175"
},
{
"category": "external",
"summary": "SUSE Bug 1109176 for CVE-2018-17229",
"url": "https://bugzilla.suse.com/1109176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-17229"
},
{
"cve": "CVE-2018-17230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17230"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17230",
"url": "https://www.suse.com/security/cve/CVE-2018-17230"
},
{
"category": "external",
"summary": "SUSE Bug 1109176 for CVE-2018-17230",
"url": "https://bugzilla.suse.com/1109176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-17230"
},
{
"cve": "CVE-2018-17282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17282"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17282",
"url": "https://www.suse.com/security/cve/CVE-2018-17282"
},
{
"category": "external",
"summary": "SUSE Bug 1109299 for CVE-2018-17282",
"url": "https://bugzilla.suse.com/1109299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-17282"
},
{
"cve": "CVE-2018-19108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19108"
}
],
"notes": [
{
"category": "general",
"text": "In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19108",
"url": "https://www.suse.com/security/cve/CVE-2018-19108"
},
{
"category": "external",
"summary": "SUSE Bug 1115364 for CVE-2018-19108",
"url": "https://bugzilla.suse.com/1115364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-19108"
},
{
"cve": "CVE-2018-19607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19607"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19607",
"url": "https://www.suse.com/security/cve/CVE-2018-19607"
},
{
"category": "external",
"summary": "SUSE Bug 1117513 for CVE-2018-19607",
"url": "https://bugzilla.suse.com/1117513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-19607"
},
{
"cve": "CVE-2018-9305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-9305"
}
],
"notes": [
{
"category": "general",
"text": "In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the \"== 0x1c\" case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-9305",
"url": "https://www.suse.com/security/cve/CVE-2018-9305"
},
{
"category": "external",
"summary": "SUSE Bug 1088424 for CVE-2018-9305",
"url": "https://bugzilla.suse.com/1088424"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-9305"
},
{
"cve": "CVE-2019-13114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13114"
}
],
"notes": [
{
"category": "general",
"text": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13114",
"url": "https://www.suse.com/security/cve/CVE-2019-13114"
},
{
"category": "external",
"summary": "SUSE Bug 1142684 for CVE-2019-13114",
"url": "https://bugzilla.suse.com/1142684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:exiv2-lang-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-27-32bit-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-devel-0.27.5-4.1.x86_64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.aarch64",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.ppc64le",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.s390x",
"openSUSE Tumbleweed:libexiv2-xmp-static-0.27.5-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-13114"
}
]
}
suse-su-2020:0921-1
Vulnerability from csaf_suse
Published
2020-04-03 15:14
Modified
2020-04-03 15:14
Summary
Security update for exiv2
Notes
Title of the patch
Security update for exiv2
Description of the patch
This update for exiv2 fixes the following issues:
exiv2 was updated to latest 0.26 branch, fixing bugs and security issues:
- CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873).
- CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973).
- CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which
might have led to an out-of-bounds read (bsc#1097600).
- CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have
led to memory corruption (bsc#1097599).
- CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175).
- CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176).
- CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299).
- CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have
led to infinite loop (bsc#1115364).
- CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial
of service (bsc#1117513).
- CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to
to information leak or denial of service (bsc#1088424).
- CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via
a crafted response of an malicious http server (bsc#1142684).
Patchnames
SUSE-2020-921,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-921,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-921
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for exiv2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for exiv2 fixes the following issues:\n\nexiv2 was updated to latest 0.26 branch, fixing bugs and security issues:\n\n- CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873).\n- CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973).\n- CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which\n might have led to an out-of-bounds read (bsc#1097600).\n- CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have \n led to memory corruption (bsc#1097599).\n- CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175).\n- CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176).\n- CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299).\n- CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have \n led to infinite loop (bsc#1115364).\n- CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial \n of service (bsc#1117513).\n- CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to \n to information leak or denial of service (bsc#1088424).\n- CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via \n a crafted response of an malicious http server (bsc#1142684).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-921,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-921,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-921",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0921-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0921-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200921-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0921-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-April/006676.html"
},
{
"category": "self",
"summary": "SUSE Bug 1040973",
"url": "https://bugzilla.suse.com/1040973"
},
{
"category": "self",
"summary": "SUSE Bug 1068873",
"url": "https://bugzilla.suse.com/1068873"
},
{
"category": "self",
"summary": "SUSE Bug 1088424",
"url": "https://bugzilla.suse.com/1088424"
},
{
"category": "self",
"summary": "SUSE Bug 1097599",
"url": "https://bugzilla.suse.com/1097599"
},
{
"category": "self",
"summary": "SUSE Bug 1097600",
"url": "https://bugzilla.suse.com/1097600"
},
{
"category": "self",
"summary": "SUSE Bug 1109175",
"url": "https://bugzilla.suse.com/1109175"
},
{
"category": "self",
"summary": "SUSE Bug 1109176",
"url": "https://bugzilla.suse.com/1109176"
},
{
"category": "self",
"summary": "SUSE Bug 1109299",
"url": "https://bugzilla.suse.com/1109299"
},
{
"category": "self",
"summary": "SUSE Bug 1115364",
"url": "https://bugzilla.suse.com/1115364"
},
{
"category": "self",
"summary": "SUSE Bug 1117513",
"url": "https://bugzilla.suse.com/1117513"
},
{
"category": "self",
"summary": "SUSE Bug 1142684",
"url": "https://bugzilla.suse.com/1142684"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000126 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9239 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12264 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12265 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17229 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17230 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17282 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19108 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19607 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-9305 page",
"url": "https://www.suse.com/security/cve/CVE-2018-9305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13114 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13114/"
}
],
"title": "Security update for exiv2",
"tracking": {
"current_release_date": "2020-04-03T15:14:14Z",
"generator": {
"date": "2020-04-03T15:14:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0921-1",
"initial_release_date": "2020-04-03T15:14:14Z",
"revision_history": [
{
"date": "2020-04-03T15:14:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.26-6.8.1.aarch64",
"product": {
"name": "exiv2-0.26-6.8.1.aarch64",
"product_id": "exiv2-0.26-6.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexiv2-26-0.26-6.8.1.aarch64",
"product": {
"name": "libexiv2-26-0.26-6.8.1.aarch64",
"product_id": "libexiv2-26-0.26-6.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.26-6.8.1.aarch64",
"product": {
"name": "libexiv2-devel-0.26-6.8.1.aarch64",
"product_id": "libexiv2-devel-0.26-6.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexiv2-doc-0.26-6.8.1.aarch64",
"product": {
"name": "libexiv2-doc-0.26-6.8.1.aarch64",
"product_id": "libexiv2-doc-0.26-6.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexiv2-26-64bit-0.26-6.8.1.aarch64_ilp32",
"product": {
"name": "libexiv2-26-64bit-0.26-6.8.1.aarch64_ilp32",
"product_id": "libexiv2-26-64bit-0.26-6.8.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.26-6.8.1.i586",
"product": {
"name": "exiv2-0.26-6.8.1.i586",
"product_id": "exiv2-0.26-6.8.1.i586"
}
},
{
"category": "product_version",
"name": "libexiv2-26-0.26-6.8.1.i586",
"product": {
"name": "libexiv2-26-0.26-6.8.1.i586",
"product_id": "libexiv2-26-0.26-6.8.1.i586"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.26-6.8.1.i586",
"product": {
"name": "libexiv2-devel-0.26-6.8.1.i586",
"product_id": "libexiv2-devel-0.26-6.8.1.i586"
}
},
{
"category": "product_version",
"name": "libexiv2-doc-0.26-6.8.1.i586",
"product": {
"name": "libexiv2-doc-0.26-6.8.1.i586",
"product_id": "libexiv2-doc-0.26-6.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-lang-0.26-6.8.1.noarch",
"product": {
"name": "exiv2-lang-0.26-6.8.1.noarch",
"product_id": "exiv2-lang-0.26-6.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.26-6.8.1.ppc64le",
"product": {
"name": "exiv2-0.26-6.8.1.ppc64le",
"product_id": "exiv2-0.26-6.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexiv2-26-0.26-6.8.1.ppc64le",
"product": {
"name": "libexiv2-26-0.26-6.8.1.ppc64le",
"product_id": "libexiv2-26-0.26-6.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.26-6.8.1.ppc64le",
"product": {
"name": "libexiv2-devel-0.26-6.8.1.ppc64le",
"product_id": "libexiv2-devel-0.26-6.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexiv2-doc-0.26-6.8.1.ppc64le",
"product": {
"name": "libexiv2-doc-0.26-6.8.1.ppc64le",
"product_id": "libexiv2-doc-0.26-6.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.26-6.8.1.s390x",
"product": {
"name": "exiv2-0.26-6.8.1.s390x",
"product_id": "exiv2-0.26-6.8.1.s390x"
}
},
{
"category": "product_version",
"name": "libexiv2-26-0.26-6.8.1.s390x",
"product": {
"name": "libexiv2-26-0.26-6.8.1.s390x",
"product_id": "libexiv2-26-0.26-6.8.1.s390x"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.26-6.8.1.s390x",
"product": {
"name": "libexiv2-devel-0.26-6.8.1.s390x",
"product_id": "libexiv2-devel-0.26-6.8.1.s390x"
}
},
{
"category": "product_version",
"name": "libexiv2-doc-0.26-6.8.1.s390x",
"product": {
"name": "libexiv2-doc-0.26-6.8.1.s390x",
"product_id": "libexiv2-doc-0.26-6.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-0.26-6.8.1.x86_64",
"product": {
"name": "exiv2-0.26-6.8.1.x86_64",
"product_id": "exiv2-0.26-6.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-26-0.26-6.8.1.x86_64",
"product": {
"name": "libexiv2-26-0.26-6.8.1.x86_64",
"product_id": "libexiv2-26-0.26-6.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-26-32bit-0.26-6.8.1.x86_64",
"product": {
"name": "libexiv2-26-32bit-0.26-6.8.1.x86_64",
"product_id": "libexiv2-26-32bit-0.26-6.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-devel-0.26-6.8.1.x86_64",
"product": {
"name": "libexiv2-devel-0.26-6.8.1.x86_64",
"product_id": "libexiv2-devel-0.26-6.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexiv2-doc-0.26-6.8.1.x86_64",
"product": {
"name": "libexiv2-doc-0.26-6.8.1.x86_64",
"product_id": "libexiv2-doc-0.26-6.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-26-0.26-6.8.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64"
},
"product_reference": "libexiv2-26-0.26-6.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-26-0.26-6.8.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le"
},
"product_reference": "libexiv2-26-0.26-6.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-26-0.26-6.8.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x"
},
"product_reference": "libexiv2-26-0.26-6.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-26-0.26-6.8.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64"
},
"product_reference": "libexiv2-26-0.26-6.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-devel-0.26-6.8.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64"
},
"product_reference": "libexiv2-devel-0.26-6.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-devel-0.26-6.8.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le"
},
"product_reference": "libexiv2-devel-0.26-6.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-devel-0.26-6.8.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x"
},
"product_reference": "libexiv2-devel-0.26-6.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexiv2-devel-0.26-6.8.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
},
"product_reference": "libexiv2-devel-0.26-6.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-1000126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000126"
}
],
"notes": [
{
"category": "general",
"text": "exiv2 0.26 contains a Stack out of bounds read in webp parser",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000126",
"url": "https://www.suse.com/security/cve/CVE-2017-1000126"
},
{
"category": "external",
"summary": "SUSE Bug 1068873 for CVE-2017-1000126",
"url": "https://bugzilla.suse.com/1068873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "moderate"
}
],
"title": "CVE-2017-1000126"
},
{
"cve": "CVE-2017-9239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9239"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9239",
"url": "https://www.suse.com/security/cve/CVE-2017-9239"
},
{
"category": "external",
"summary": "SUSE Bug 1040973 for CVE-2017-9239",
"url": "https://bugzilla.suse.com/1040973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "low"
}
],
"title": "CVE-2017-9239"
},
{
"cve": "CVE-2018-12264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12264"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12264",
"url": "https://www.suse.com/security/cve/CVE-2018-12264"
},
{
"category": "external",
"summary": "SUSE Bug 1097600 for CVE-2018-12264",
"url": "https://bugzilla.suse.com/1097600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "low"
}
],
"title": "CVE-2018-12264"
},
{
"cve": "CVE-2018-12265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12265"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12265",
"url": "https://www.suse.com/security/cve/CVE-2018-12265"
},
{
"category": "external",
"summary": "SUSE Bug 1097599 for CVE-2018-12265",
"url": "https://bugzilla.suse.com/1097599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "low"
}
],
"title": "CVE-2018-12265"
},
{
"cve": "CVE-2018-17229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17229"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17229",
"url": "https://www.suse.com/security/cve/CVE-2018-17229"
},
{
"category": "external",
"summary": "SUSE Bug 1109175 for CVE-2018-17229",
"url": "https://bugzilla.suse.com/1109175"
},
{
"category": "external",
"summary": "SUSE Bug 1109176 for CVE-2018-17229",
"url": "https://bugzilla.suse.com/1109176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "low"
}
],
"title": "CVE-2018-17229"
},
{
"cve": "CVE-2018-17230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17230"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17230",
"url": "https://www.suse.com/security/cve/CVE-2018-17230"
},
{
"category": "external",
"summary": "SUSE Bug 1109176 for CVE-2018-17230",
"url": "https://bugzilla.suse.com/1109176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "moderate"
}
],
"title": "CVE-2018-17230"
},
{
"cve": "CVE-2018-17282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17282"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17282",
"url": "https://www.suse.com/security/cve/CVE-2018-17282"
},
{
"category": "external",
"summary": "SUSE Bug 1109299 for CVE-2018-17282",
"url": "https://bugzilla.suse.com/1109299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "low"
}
],
"title": "CVE-2018-17282"
},
{
"cve": "CVE-2018-19108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19108"
}
],
"notes": [
{
"category": "general",
"text": "In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19108",
"url": "https://www.suse.com/security/cve/CVE-2018-19108"
},
{
"category": "external",
"summary": "SUSE Bug 1115364 for CVE-2018-19108",
"url": "https://bugzilla.suse.com/1115364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "low"
}
],
"title": "CVE-2018-19108"
},
{
"cve": "CVE-2018-19607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19607"
}
],
"notes": [
{
"category": "general",
"text": "Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19607",
"url": "https://www.suse.com/security/cve/CVE-2018-19607"
},
{
"category": "external",
"summary": "SUSE Bug 1117513 for CVE-2018-19607",
"url": "https://bugzilla.suse.com/1117513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "low"
}
],
"title": "CVE-2018-19607"
},
{
"cve": "CVE-2018-9305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-9305"
}
],
"notes": [
{
"category": "general",
"text": "In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the \"== 0x1c\" case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-9305",
"url": "https://www.suse.com/security/cve/CVE-2018-9305"
},
{
"category": "external",
"summary": "SUSE Bug 1088424 for CVE-2018-9305",
"url": "https://bugzilla.suse.com/1088424"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "low"
}
],
"title": "CVE-2018-9305"
},
{
"cve": "CVE-2019-13114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13114"
}
],
"notes": [
{
"category": "general",
"text": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13114",
"url": "https://www.suse.com/security/cve/CVE-2019-13114"
},
{
"category": "external",
"summary": "SUSE Bug 1142684 for CVE-2019-13114",
"url": "https://bugzilla.suse.com/1142684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-26-0.26-6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libexiv2-devel-0.26-6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-03T15:14:14Z",
"details": "moderate"
}
],
"title": "CVE-2019-13114"
}
]
}
rhsa-2020:1577
Vulnerability from csaf_redhat
Published
2020-04-28 15:31
Modified
2025-03-17 02:07
Summary
Red Hat Security Advisory: exiv2 security, bug fix, and enhancement update
Notes
Topic
An update for exiv2, gegl, gnome-color-manager, and libgexiv2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments.
The following packages have been upgraded to a later upstream version: exiv2 (0.27.2). (BZ#1651917)
Security Fix(es):
* exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421)
* exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005)
* exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868)
* exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303)
* exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304)
* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)
* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)
* exiv2: information leak via a crafted file (CVE-2018-11037)
* exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338)
* exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229)
* exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230)
* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)
* exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)
* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)
* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)
* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)
* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)
* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)
* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)
* exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)
* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)
* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)
* exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143)
* exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109)
* exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111)
* exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112)
* exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113)
* exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114)
* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9306)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for exiv2, gegl, gnome-color-manager, and libgexiv2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments.\n\nThe following packages have been upgraded to a later upstream version: exiv2 (0.27.2). (BZ#1651917)\n\nSecurity Fix(es):\n\n* exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421)\n\n* exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005)\n\n* exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868)\n\n* exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303)\n\n* exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304)\n\n* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)\n\n* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)\n\n* exiv2: information leak via a crafted file (CVE-2018-11037)\n\n* exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338)\n\n* exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229)\n\n* exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230)\n\n* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)\n\n* exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)\n\n* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)\n\n* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)\n\n* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)\n\n* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)\n\n* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)\n\n* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)\n\n* exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)\n\n* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)\n\n* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)\n\n* exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143)\n\n* exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109)\n\n* exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111)\n\n* exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112)\n\n* exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113)\n\n* exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114)\n\n* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9306)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1577",
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index"
},
{
"category": "external",
"summary": "1531171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531171"
},
{
"category": "external",
"summary": "1531724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531724"
},
{
"category": "external",
"summary": "1566725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566725"
},
{
"category": "external",
"summary": "1566731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566731"
},
{
"category": "external",
"summary": "1566735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566735"
},
{
"category": "external",
"summary": "1566737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566737"
},
{
"category": "external",
"summary": "1579544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579544"
},
{
"category": "external",
"summary": "1594627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594627"
},
{
"category": "external",
"summary": "1609396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609396"
},
{
"category": "external",
"summary": "1632481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632481"
},
{
"category": "external",
"summary": "1632484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632484"
},
{
"category": "external",
"summary": "1632490",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632490"
},
{
"category": "external",
"summary": "1635045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635045"
},
{
"category": "external",
"summary": "1646555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646555"
},
{
"category": "external",
"summary": "1649094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649094"
},
{
"category": "external",
"summary": "1649101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649101"
},
{
"category": "external",
"summary": "1651917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651917"
},
{
"category": "external",
"summary": "1656187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656187"
},
{
"category": "external",
"summary": "1656195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656195"
},
{
"category": "external",
"summary": "1660423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660423"
},
{
"category": "external",
"summary": "1660424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660424"
},
{
"category": "external",
"summary": "1660425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660425"
},
{
"category": "external",
"summary": "1660426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660426"
},
{
"category": "external",
"summary": "1684381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1684381"
},
{
"category": "external",
"summary": "1728484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728484"
},
{
"category": "external",
"summary": "1728488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728488"
},
{
"category": "external",
"summary": "1728490",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728490"
},
{
"category": "external",
"summary": "1728492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728492"
},
{
"category": "external",
"summary": "1728494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728494"
},
{
"category": "external",
"summary": "1757444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757444"
},
{
"category": "external",
"summary": "1757445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757445"
},
{
"category": "external",
"summary": "1767748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767748"
},
{
"category": "external",
"summary": "1800472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800472"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1577.json"
}
],
"title": "Red Hat Security Advisory: exiv2 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-03-17T02:07:20+00:00",
"generator": {
"date": "2025-03-17T02:07:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.4.1"
}
},
"id": "RHSA-2020:1577",
"initial_release_date": "2020-04-28T15:31:08+00:00",
"revision_history": [
{
"date": "2020-04-28T15:31:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-28T15:31:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-03-17T02:07:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"product": {
"name": "gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"product_id": "gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnome-color-manager@3.28.0-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"product": {
"name": "gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"product_id": "gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnome-color-manager-debugsource@3.28.0-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"product": {
"name": "gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"product_id": "gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnome-color-manager-debuginfo@3.28.0-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"product": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"product_id": "libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-devel@0.10.8-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"product": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"product_id": "libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-debugsource@0.10.8-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"product": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"product_id": "libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-debuginfo@0.10.8-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-0:0.10.8-4.el8.ppc64le",
"product": {
"name": "libgexiv2-0:0.10.8-4.el8.ppc64le",
"product_id": "libgexiv2-0:0.10.8-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2@0.10.8-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gegl-0:0.2.0-39.el8.ppc64le",
"product": {
"name": "gegl-0:0.2.0-39.el8.ppc64le",
"product_id": "gegl-0:0.2.0-39.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl@0.2.0-39.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"product": {
"name": "gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"product_id": "gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl-debugsource@0.2.0-39.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"product": {
"name": "gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"product_id": "gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl-debuginfo@0.2.0-39.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "exiv2-devel-0:0.27.2-5.el8.ppc64le",
"product": {
"name": "exiv2-devel-0:0.27.2-5.el8.ppc64le",
"product_id": "exiv2-devel-0:0.27.2-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-devel@0.27.2-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"product": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"product_id": "exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-debugsource@0.27.2-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"product": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"product_id": "exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-debuginfo@0.27.2-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"product": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"product_id": "exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-libs-debuginfo@0.27.2-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "exiv2-0:0.27.2-5.el8.ppc64le",
"product": {
"name": "exiv2-0:0.27.2-5.el8.ppc64le",
"product_id": "exiv2-0:0.27.2-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2@0.27.2-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "exiv2-libs-0:0.27.2-5.el8.ppc64le",
"product": {
"name": "exiv2-libs-0:0.27.2-5.el8.ppc64le",
"product_id": "exiv2-libs-0:0.27.2-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-libs@0.27.2-5.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gnome-color-manager-0:3.28.0-3.el8.x86_64",
"product": {
"name": "gnome-color-manager-0:3.28.0-3.el8.x86_64",
"product_id": "gnome-color-manager-0:3.28.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnome-color-manager@3.28.0-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"product": {
"name": "gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"product_id": "gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnome-color-manager-debugsource@3.28.0-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"product": {
"name": "gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"product_id": "gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnome-color-manager-debuginfo@3.28.0-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"product": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"product_id": "libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-devel@0.10.8-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"product": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"product_id": "libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-debugsource@0.10.8-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"product": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"product_id": "libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-debuginfo@0.10.8-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-0:0.10.8-4.el8.x86_64",
"product": {
"name": "libgexiv2-0:0.10.8-4.el8.x86_64",
"product_id": "libgexiv2-0:0.10.8-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2@0.10.8-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gegl-0:0.2.0-39.el8.x86_64",
"product": {
"name": "gegl-0:0.2.0-39.el8.x86_64",
"product_id": "gegl-0:0.2.0-39.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl@0.2.0-39.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gegl-debugsource-0:0.2.0-39.el8.x86_64",
"product": {
"name": "gegl-debugsource-0:0.2.0-39.el8.x86_64",
"product_id": "gegl-debugsource-0:0.2.0-39.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl-debugsource@0.2.0-39.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"product": {
"name": "gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"product_id": "gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl-debuginfo@0.2.0-39.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "exiv2-devel-0:0.27.2-5.el8.x86_64",
"product": {
"name": "exiv2-devel-0:0.27.2-5.el8.x86_64",
"product_id": "exiv2-devel-0:0.27.2-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-devel@0.27.2-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"product": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"product_id": "exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-debugsource@0.27.2-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"product": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"product_id": "exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-debuginfo@0.27.2-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"product": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"product_id": "exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-libs-debuginfo@0.27.2-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "exiv2-0:0.27.2-5.el8.x86_64",
"product": {
"name": "exiv2-0:0.27.2-5.el8.x86_64",
"product_id": "exiv2-0:0.27.2-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2@0.27.2-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "exiv2-libs-0:0.27.2-5.el8.x86_64",
"product": {
"name": "exiv2-libs-0:0.27.2-5.el8.x86_64",
"product_id": "exiv2-libs-0:0.27.2-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-libs@0.27.2-5.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnome-color-manager-0:3.28.0-3.el8.src",
"product": {
"name": "gnome-color-manager-0:3.28.0-3.el8.src",
"product_id": "gnome-color-manager-0:3.28.0-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnome-color-manager@3.28.0-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-0:0.10.8-4.el8.src",
"product": {
"name": "libgexiv2-0:0.10.8-4.el8.src",
"product_id": "libgexiv2-0:0.10.8-4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2@0.10.8-4.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "gegl-0:0.2.0-39.el8.src",
"product": {
"name": "gegl-0:0.2.0-39.el8.src",
"product_id": "gegl-0:0.2.0-39.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl@0.2.0-39.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "exiv2-0:0.27.2-5.el8.src",
"product": {
"name": "exiv2-0:0.27.2-5.el8.src",
"product_id": "exiv2-0:0.27.2-5.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2@0.27.2-5.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libgexiv2-0:0.10.8-4.el8.s390x",
"product": {
"name": "libgexiv2-0:0.10.8-4.el8.s390x",
"product_id": "libgexiv2-0:0.10.8-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2@0.10.8-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-devel-0:0.10.8-4.el8.s390x",
"product": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.s390x",
"product_id": "libgexiv2-devel-0:0.10.8-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-devel@0.10.8-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"product": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"product_id": "libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-debugsource@0.10.8-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"product": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"product_id": "libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-debuginfo@0.10.8-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gegl-0:0.2.0-39.el8.s390x",
"product": {
"name": "gegl-0:0.2.0-39.el8.s390x",
"product_id": "gegl-0:0.2.0-39.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl@0.2.0-39.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gegl-debugsource-0:0.2.0-39.el8.s390x",
"product": {
"name": "gegl-debugsource-0:0.2.0-39.el8.s390x",
"product_id": "gegl-debugsource-0:0.2.0-39.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl-debugsource@0.2.0-39.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gegl-debuginfo-0:0.2.0-39.el8.s390x",
"product": {
"name": "gegl-debuginfo-0:0.2.0-39.el8.s390x",
"product_id": "gegl-debuginfo-0:0.2.0-39.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl-debuginfo@0.2.0-39.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "exiv2-0:0.27.2-5.el8.s390x",
"product": {
"name": "exiv2-0:0.27.2-5.el8.s390x",
"product_id": "exiv2-0:0.27.2-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2@0.27.2-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "exiv2-devel-0:0.27.2-5.el8.s390x",
"product": {
"name": "exiv2-devel-0:0.27.2-5.el8.s390x",
"product_id": "exiv2-devel-0:0.27.2-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-devel@0.27.2-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "exiv2-libs-0:0.27.2-5.el8.s390x",
"product": {
"name": "exiv2-libs-0:0.27.2-5.el8.s390x",
"product_id": "exiv2-libs-0:0.27.2-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-libs@0.27.2-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "exiv2-debugsource-0:0.27.2-5.el8.s390x",
"product": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.s390x",
"product_id": "exiv2-debugsource-0:0.27.2-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-debugsource@0.27.2-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"product": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"product_id": "exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-debuginfo@0.27.2-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"product": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"product_id": "exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-libs-debuginfo@0.27.2-5.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libgexiv2-devel-0:0.10.8-4.el8.i686",
"product": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.i686",
"product_id": "libgexiv2-devel-0:0.10.8-4.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-devel@0.10.8-4.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"product": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"product_id": "libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-debugsource@0.10.8-4.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"product": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"product_id": "libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-debuginfo@0.10.8-4.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-0:0.10.8-4.el8.i686",
"product": {
"name": "libgexiv2-0:0.10.8-4.el8.i686",
"product_id": "libgexiv2-0:0.10.8-4.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2@0.10.8-4.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gegl-0:0.2.0-39.el8.i686",
"product": {
"name": "gegl-0:0.2.0-39.el8.i686",
"product_id": "gegl-0:0.2.0-39.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl@0.2.0-39.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gegl-debugsource-0:0.2.0-39.el8.i686",
"product": {
"name": "gegl-debugsource-0:0.2.0-39.el8.i686",
"product_id": "gegl-debugsource-0:0.2.0-39.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl-debugsource@0.2.0-39.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gegl-debuginfo-0:0.2.0-39.el8.i686",
"product": {
"name": "gegl-debuginfo-0:0.2.0-39.el8.i686",
"product_id": "gegl-debuginfo-0:0.2.0-39.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl-debuginfo@0.2.0-39.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "exiv2-devel-0:0.27.2-5.el8.i686",
"product": {
"name": "exiv2-devel-0:0.27.2-5.el8.i686",
"product_id": "exiv2-devel-0:0.27.2-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-devel@0.27.2-5.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "exiv2-debugsource-0:0.27.2-5.el8.i686",
"product": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.i686",
"product_id": "exiv2-debugsource-0:0.27.2-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-debugsource@0.27.2-5.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "exiv2-debuginfo-0:0.27.2-5.el8.i686",
"product": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.i686",
"product_id": "exiv2-debuginfo-0:0.27.2-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-debuginfo@0.27.2-5.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"product": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"product_id": "exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-libs-debuginfo@0.27.2-5.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "exiv2-libs-0:0.27.2-5.el8.i686",
"product": {
"name": "exiv2-libs-0:0.27.2-5.el8.i686",
"product_id": "exiv2-libs-0:0.27.2-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-libs@0.27.2-5.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"product": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"product_id": "libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-devel@0.10.8-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"product": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"product_id": "libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-debugsource@0.10.8-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"product": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"product_id": "libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2-debuginfo@0.10.8-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libgexiv2-0:0.10.8-4.el8.aarch64",
"product": {
"name": "libgexiv2-0:0.10.8-4.el8.aarch64",
"product_id": "libgexiv2-0:0.10.8-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libgexiv2@0.10.8-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gegl-0:0.2.0-39.el8.aarch64",
"product": {
"name": "gegl-0:0.2.0-39.el8.aarch64",
"product_id": "gegl-0:0.2.0-39.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl@0.2.0-39.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gegl-debugsource-0:0.2.0-39.el8.aarch64",
"product": {
"name": "gegl-debugsource-0:0.2.0-39.el8.aarch64",
"product_id": "gegl-debugsource-0:0.2.0-39.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl-debugsource@0.2.0-39.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"product": {
"name": "gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"product_id": "gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gegl-debuginfo@0.2.0-39.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "exiv2-devel-0:0.27.2-5.el8.aarch64",
"product": {
"name": "exiv2-devel-0:0.27.2-5.el8.aarch64",
"product_id": "exiv2-devel-0:0.27.2-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-devel@0.27.2-5.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"product": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"product_id": "exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-debugsource@0.27.2-5.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"product": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"product_id": "exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-debuginfo@0.27.2-5.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"product": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"product_id": "exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-libs-debuginfo@0.27.2-5.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "exiv2-0:0.27.2-5.el8.aarch64",
"product": {
"name": "exiv2-0:0.27.2-5.el8.aarch64",
"product_id": "exiv2-0:0.27.2-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2@0.27.2-5.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "exiv2-libs-0:0.27.2-5.el8.aarch64",
"product": {
"name": "exiv2-libs-0:0.27.2-5.el8.aarch64",
"product_id": "exiv2-libs-0:0.27.2-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-libs@0.27.2-5.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "exiv2-doc-0:0.27.2-5.el8.noarch",
"product": {
"name": "exiv2-doc-0:0.27.2-5.el8.noarch",
"product_id": "exiv2-doc-0:0.27.2-5.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/exiv2-doc@0.27.2-5.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0:0.27.2-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0:0.27.2-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0:0.27.2-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0:0.27.2-5.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src"
},
"product_reference": "exiv2-0:0.27.2-5.el8.src",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0:0.27.2-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686"
},
"product_reference": "exiv2-debuginfo-0:0.27.2-5.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686"
},
"product_reference": "exiv2-debugsource-0:0.27.2-5.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-debugsource-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-devel-0:0.27.2-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-devel-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-devel-0:0.27.2-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686"
},
"product_reference": "exiv2-devel-0:0.27.2-5.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-devel-0:0.27.2-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-devel-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-devel-0:0.27.2-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-devel-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-devel-0:0.27.2-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-devel-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-doc-0:0.27.2-5.el8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch"
},
"product_reference": "exiv2-doc-0:0.27.2-5.el8.noarch",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-0:0.27.2-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-libs-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-0:0.27.2-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686"
},
"product_reference": "exiv2-libs-0:0.27.2-5.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-0:0.27.2-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-libs-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-0:0.27.2-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-libs-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-0:0.27.2-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-libs-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686"
},
"product_reference": "exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-0:0.2.0-39.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64"
},
"product_reference": "gegl-0:0.2.0-39.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-0:0.2.0-39.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686"
},
"product_reference": "gegl-0:0.2.0-39.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-0:0.2.0-39.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le"
},
"product_reference": "gegl-0:0.2.0-39.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-0:0.2.0-39.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x"
},
"product_reference": "gegl-0:0.2.0-39.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-0:0.2.0-39.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src"
},
"product_reference": "gegl-0:0.2.0-39.el8.src",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-0:0.2.0-39.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64"
},
"product_reference": "gegl-0:0.2.0-39.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-debuginfo-0:0.2.0-39.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64"
},
"product_reference": "gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-debuginfo-0:0.2.0-39.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686"
},
"product_reference": "gegl-debuginfo-0:0.2.0-39.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-debuginfo-0:0.2.0-39.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le"
},
"product_reference": "gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-debuginfo-0:0.2.0-39.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x"
},
"product_reference": "gegl-debuginfo-0:0.2.0-39.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-debuginfo-0:0.2.0-39.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64"
},
"product_reference": "gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-debugsource-0:0.2.0-39.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64"
},
"product_reference": "gegl-debugsource-0:0.2.0-39.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-debugsource-0:0.2.0-39.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686"
},
"product_reference": "gegl-debugsource-0:0.2.0-39.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-debugsource-0:0.2.0-39.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le"
},
"product_reference": "gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-debugsource-0:0.2.0-39.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x"
},
"product_reference": "gegl-debugsource-0:0.2.0-39.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gegl-debugsource-0:0.2.0-39.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64"
},
"product_reference": "gegl-debugsource-0:0.2.0-39.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnome-color-manager-0:3.28.0-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le"
},
"product_reference": "gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnome-color-manager-0:3.28.0-3.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src"
},
"product_reference": "gnome-color-manager-0:3.28.0-3.el8.src",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnome-color-manager-0:3.28.0-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64"
},
"product_reference": "gnome-color-manager-0:3.28.0-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le"
},
"product_reference": "gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64"
},
"product_reference": "gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le"
},
"product_reference": "gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64"
},
"product_reference": "gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.src",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64"
},
"product_reference": "libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686"
},
"product_reference": "libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le"
},
"product_reference": "libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x"
},
"product_reference": "libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64"
},
"product_reference": "libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64"
},
"product_reference": "libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686"
},
"product_reference": "libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le"
},
"product_reference": "libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x"
},
"product_reference": "libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64"
},
"product_reference": "libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64"
},
"product_reference": "libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686"
},
"product_reference": "libgexiv2-devel-0:0.10.8-4.el8.i686",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le"
},
"product_reference": "libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x"
},
"product_reference": "libgexiv2-devel-0:0.10.8-4.el8.s390x",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
},
"product_reference": "libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0:0.27.2-5.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0:0.27.2-5.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0:0.27.2-5.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0:0.27.2-5.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src"
},
"product_reference": "exiv2-0:0.27.2-5.el8.src",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-0:0.27.2-5.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686"
},
"product_reference": "exiv2-debuginfo-0:0.27.2-5.el8.i686",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debuginfo-0:0.27.2-5.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686"
},
"product_reference": "exiv2-debugsource-0:0.27.2-5.el8.i686",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-debugsource-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-debugsource-0:0.27.2-5.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-devel-0:0.27.2-5.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-devel-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-devel-0:0.27.2-5.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686"
},
"product_reference": "exiv2-devel-0:0.27.2-5.el8.i686",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-devel-0:0.27.2-5.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-devel-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-devel-0:0.27.2-5.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-devel-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-devel-0:0.27.2-5.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-devel-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-doc-0:0.27.2-5.el8.noarch as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch"
},
"product_reference": "exiv2-doc-0:0.27.2-5.el8.noarch",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-0:0.27.2-5.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-libs-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-0:0.27.2-5.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686"
},
"product_reference": "exiv2-libs-0:0.27.2-5.el8.i686",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-0:0.27.2-5.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-libs-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-0:0.27.2-5.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-libs-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-0:0.27.2-5.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-libs-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64"
},
"product_reference": "exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686"
},
"product_reference": "exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le"
},
"product_reference": "exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x"
},
"product_reference": "exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64"
},
"product_reference": "exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.aarch64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.i686",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.ppc64le",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.s390x",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.src",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-0:0.10.8-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64"
},
"product_reference": "libgexiv2-0:0.10.8-4.el8.x86_64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64"
},
"product_reference": "libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686"
},
"product_reference": "libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le"
},
"product_reference": "libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x"
},
"product_reference": "libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64"
},
"product_reference": "libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64"
},
"product_reference": "libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686"
},
"product_reference": "libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le"
},
"product_reference": "libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x"
},
"product_reference": "libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-debugsource-0:0.10.8-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64"
},
"product_reference": "libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64"
},
"product_reference": "libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686"
},
"product_reference": "libgexiv2-devel-0:0.10.8-4.el8.i686",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le"
},
"product_reference": "libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x"
},
"product_reference": "libgexiv2-devel-0:0.10.8-4.el8.s390x",
"relates_to_product_reference": "CRB-8.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgexiv2-devel-0:0.10.8-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
},
"product_reference": "libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"relates_to_product_reference": "CRB-8.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-18005",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2018-01-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1531171"
}
],
"notes": [
{
"category": "description",
"text": "Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18005"
},
{
"category": "external",
"summary": "RHBZ#1531171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18005",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18005"
}
],
"release_date": "2017-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp"
},
{
"cve": "CVE-2018-4868",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1531724"
}
],
"notes": [
{
"category": "description",
"text": "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-4868"
},
{
"category": "external",
"summary": "RHBZ#1531724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531724"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-4868",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-4868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4868"
}
],
"release_date": "2018-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp"
},
{
"cve": "CVE-2018-9303",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2018-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1566725"
}
],
"notes": [
{
"category": "description",
"text": "In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for BigTIFF images.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-9303"
},
{
"category": "external",
"summary": "RHBZ#1566725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566725"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-9303",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9303"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-9303",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9303"
}
],
"release_date": "2018-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp"
},
{
"cve": "CVE-2018-9304",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"discovery_date": "2018-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1566731"
}
],
"notes": [
{
"category": "description",
"text": "In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for BigTIFF images.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-9304"
},
{
"category": "external",
"summary": "RHBZ#1566731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-9304",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-9304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9304"
}
],
"release_date": "2018-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp"
},
{
"cve": "CVE-2018-9305",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1566735"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability has been discovered in IptcData::printStructure in iptc.cpp file of Exiv2 0.26. An attacker could cause a crash or an information leak by providing a crafted image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: out of bounds read in IptcData::printStructure in iptc.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7, up to 7.4, as they did not include support for printing IPTC Photo Metadata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-9305"
},
{
"category": "external",
"summary": "RHBZ#1566735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-9305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9305"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-9305",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9305"
}
],
"release_date": "2018-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: out of bounds read in IptcData::printStructure in iptc.c"
},
{
"cve": "CVE-2018-9306",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1566737"
}
],
"notes": [
{
"category": "description",
"text": "[REJECTED CVE] An integer underflow, leading to heap-based out-of-bound read, was found in the way Exiv2 library prints IPTC Photo Metadata embedded in an image. By persuading a victim to open a crafted image, a remote attacker could crash the application or possibly retrieve a portion of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: out of bounds read in IptcData::printStructure in iptc.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2017-17724. Please see https://access.redhat.com/security/cve/CVE-2017-17724 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-9306"
},
{
"category": "external",
"summary": "RHBZ#1566737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-9306",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9306"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-9306",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9306"
}
],
"release_date": "2018-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: out of bounds read in IptcData::printStructure in iptc.c"
},
{
"cve": "CVE-2018-10772",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1594627"
}
],
"notes": [
{
"category": "description",
"text": "The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10772"
},
{
"category": "external",
"summary": "RHBZ#1594627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10772"
}
],
"release_date": "2018-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file"
},
{
"cve": "CVE-2018-11037",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1579544"
}
],
"notes": [
{
"category": "description",
"text": "In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: information leak via a crafted file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11037"
},
{
"category": "external",
"summary": "RHBZ#1579544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579544"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11037",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11037"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11037",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11037"
}
],
"release_date": "2018-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: information leak via a crafted file"
},
{
"cve": "CVE-2018-14338",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2018-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1609396"
}
],
"notes": [
{
"category": "description",
"text": "samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: buffer overflow in samples/geotag.cpp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and 7.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14338"
},
{
"category": "external",
"summary": "RHBZ#1609396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14338"
}
],
"release_date": "2018-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: buffer overflow in samples/geotag.cpp"
},
{
"cve": "CVE-2018-17229",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1632481"
}
],
"notes": [
{
"category": "description",
"text": "Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17229"
},
{
"category": "external",
"summary": "RHBZ#1632481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17229",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17229"
}
],
"release_date": "2018-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp"
},
{
"cve": "CVE-2018-17230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1632484"
}
],
"notes": [
{
"category": "description",
"text": "Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17230"
},
{
"category": "external",
"summary": "RHBZ#1632484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17230",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17230"
}
],
"release_date": "2018-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp"
},
{
"cve": "CVE-2018-17282",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-09-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1632490"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 prior to 7.5 as they did not include the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17282"
},
{
"category": "external",
"summary": "RHBZ#1632490",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632490"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17282",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17282"
}
],
"release_date": "2018-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash"
},
{
"cve": "CVE-2018-17581",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-09-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1635045"
}
],
"notes": [
{
"category": "description",
"text": "CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17581"
},
{
"category": "external",
"summary": "RHBZ#1635045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635045"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17581",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17581"
}
],
"release_date": "2018-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service"
},
{
"cve": "CVE-2018-18915",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2018-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1646555"
}
],
"notes": [
{
"category": "description",
"text": "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 as they did not include the support for printing image ICC profile and recursive image structure where the vulnerability occured.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18915"
},
{
"category": "external",
"summary": "RHBZ#1646555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646555"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18915",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18915"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18915",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18915"
}
],
"release_date": "2018-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp"
},
{
"cve": "CVE-2018-19107",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1649094"
}
],
"notes": [
{
"category": "description",
"text": "In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-19107"
},
{
"category": "external",
"summary": "RHBZ#1649094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-19107",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19107"
}
],
"release_date": "2018-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp"
},
{
"cve": "CVE-2018-19108",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2018-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1649101"
}
],
"notes": [
{
"category": "description",
"text": "In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-19108"
},
{
"category": "external",
"summary": "RHBZ#1649101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649101"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-19108",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19108"
}
],
"release_date": "2018-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp"
},
{
"cve": "CVE-2018-19535",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-11-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1656187"
}
],
"notes": [
{
"category": "description",
"text": "In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-19535"
},
{
"category": "external",
"summary": "RHBZ#1656187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-19535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19535"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19535",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19535"
}
],
"release_date": "2018-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp"
},
{
"cve": "CVE-2018-19607",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1656195"
}
],
"notes": [
{
"category": "description",
"text": "Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7.\n\nThis issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-19607"
},
{
"category": "external",
"summary": "RHBZ#1656195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-19607",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19607"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19607"
}
],
"release_date": "2018-11-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp"
},
{
"cve": "CVE-2018-20096",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1660423"
}
],
"notes": [
{
"category": "description",
"text": "There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20096"
},
{
"category": "external",
"summary": "RHBZ#1660423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20096",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20096"
}
],
"release_date": "2018-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service"
},
{
"cve": "CVE-2018-20097",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1660424"
}
],
"notes": [
{
"category": "description",
"text": "There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20097"
},
{
"category": "external",
"summary": "RHBZ#1660424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660424"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20097"
}
],
"release_date": "2018-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function"
},
{
"cve": "CVE-2018-20098",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1660425"
}
],
"notes": [
{
"category": "description",
"text": "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20098"
},
{
"category": "external",
"summary": "RHBZ#1660425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20098"
}
],
"release_date": "2018-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service"
},
{
"cve": "CVE-2018-20099",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2018-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1660426"
}
],
"notes": [
{
"category": "description",
"text": "There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20099"
},
{
"category": "external",
"summary": "RHBZ#1660426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20099"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20099"
}
],
"release_date": "2018-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service"
},
{
"cve": "CVE-2019-9143",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2019-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1684381"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9143"
},
{
"category": "external",
"summary": "RHBZ#1684381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1684381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9143"
}
],
"release_date": "2019-02-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service"
},
{
"cve": "CVE-2019-13109",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728484"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: denial of service in PngImage::readMetadata",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13109"
},
{
"category": "external",
"summary": "RHBZ#1728484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13109"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13109",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13109"
}
],
"release_date": "2019-06-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: denial of service in PngImage::readMetadata"
},
{
"cve": "CVE-2019-13111",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728488"
}
],
"notes": [
{
"category": "description",
"text": "A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13111"
},
{
"category": "external",
"summary": "RHBZ#1728488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13111",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13111"
}
],
"release_date": "2019-06-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service"
},
{
"cve": "CVE-2019-13112",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728490"
}
],
"notes": [
{
"category": "description",
"text": "A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13112"
},
{
"category": "external",
"summary": "RHBZ#1728490",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728490"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13112",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13112"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13112",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13112"
}
],
"release_date": "2019-06-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service"
},
{
"cve": "CVE-2019-13113",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2019-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728492"
}
],
"notes": [
{
"category": "description",
"text": "Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: invalid data location in CRW image file causing denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13113"
},
{
"category": "external",
"summary": "RHBZ#1728492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13113",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13113"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13113",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13113"
}
],
"release_date": "2019-06-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: invalid data location in CRW image file causing denial of service"
},
{
"cve": "CVE-2019-13114",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2019-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728494"
}
],
"notes": [
{
"category": "description",
"text": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: null-pointer dereference in http.c causing denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13114"
},
{
"category": "external",
"summary": "RHBZ#1728494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728494"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13114",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13114"
}
],
"release_date": "2019-06-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "exiv2: null-pointer dereference in http.c causing denial of service"
},
{
"cve": "CVE-2019-20421",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1800472"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in exiv2 in the way JPEG 2000 (JP2) metadata was read when processing an image file. A remote attacker could abuse this flaw to create a specially crafted image, causing exiv2 to enter into an infinite loop when processing an incoming malicious image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code, which was introduced in a later version of the library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20421"
},
{
"category": "external",
"summary": "RHBZ#1800472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800472"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20421",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20421"
}
],
"release_date": "2019-09-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-28T15:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"AppStream-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"AppStream-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.src",
"AppStream-8.2.0.GA:gegl-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debuginfo-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.aarch64",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.i686",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.ppc64le",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.s390x",
"AppStream-8.2.0.GA:gegl-debugsource-0:0.2.0-39.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.src",
"AppStream-8.2.0.GA:gnome-color-manager-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debuginfo-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.ppc64le",
"AppStream-8.2.0.GA:gnome-color-manager-debugsource-0:3.28.0-3.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"AppStream-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"AppStream-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.src",
"CRB-8.2.0.GA:exiv2-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-debugsource-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-devel-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-doc-0:0.27.2-5.el8.noarch",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.aarch64",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.i686",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.ppc64le",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.s390x",
"CRB-8.2.0.GA:exiv2-libs-debuginfo-0:0.27.2-5.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.src",
"CRB-8.2.0.GA:libgexiv2-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debuginfo-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-debugsource-0:0.10.8-4.el8.x86_64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.aarch64",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.i686",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.ppc64le",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.s390x",
"CRB-8.2.0.GA:libgexiv2-devel-0:0.10.8-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS"
}
]
}
ghsa-7jp6-64vf-6wq3
Vulnerability from github
Published
2022-05-24 22:00
Modified
2023-01-10 21:30
Severity ?
VLAI Severity ?
Details
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
{
"affected": [],
"aliases": [
"CVE-2019-13114"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-30T23:15:00Z",
"severity": "MODERATE"
},
"details": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.",
"id": "GHSA-7jp6-64vf-6wq3",
"modified": "2023-01-10T21:30:30Z",
"published": "2022-05-24T22:00:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13114"
},
{
"type": "WEB",
"url": "https://github.com/Exiv2/exiv2/issues/793"
},
{
"type": "WEB",
"url": "https://github.com/Exiv2/exiv2/pull/815"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4056-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
fkie_cve-2019-13114
Vulnerability from fkie_nvd
Published
2019-06-30 23:15
Modified
2024-11-21 04:24
Severity ?
Summary
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html | Broken Link | |
| cve@mitre.org | https://github.com/Exiv2/exiv2/issues/793 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/Exiv2/exiv2/pull/815 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/ | ||
| cve@mitre.org | https://support.f5.com/csp/article/K45429077?utm_source=f5support&%3Butm_medium=RSS | ||
| cve@mitre.org | https://usn.ubuntu.com/4056-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Exiv2/exiv2/issues/793 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Exiv2/exiv2/pull/815 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K45429077?utm_source=f5support&%3Butm_medium=RSS | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4056-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exiv2 | exiv2 | * | |
| fedoraproject | fedora | 30 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| canonical | ubuntu_linux | 19.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFA28DF-4BFE-4CA7-A2F7-F471F91B856E",
"versionEndIncluding": "0.27.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character."
},
{
"lang": "es",
"value": "En el archivo http.c en Exiv2 hasta la versi\u00f3n 0.27.1, permite a un servidor http malicioso causar una denegaci\u00f3n de servicio (bloqueo debido a una desreferencia del puntero NULL) mediante el retorno de una respuesta creada que carece de un car\u00e1cter espacio."
}
],
"id": "CVE-2019-13114",
"lastModified": "2024-11-21T04:24:13.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-30T23:15:10.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Exiv2/exiv2/issues/793"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Exiv2/exiv2/pull/815"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
},
{
"source": "cve@mitre.org",
"url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Exiv2/exiv2/issues/793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Exiv2/exiv2/pull/815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4056-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…