Lucene search

K
debian
DebianDEBIAN:DLA-2750-1:F28B2
HistoryAug 30, 2021 - 3:03 a.m.

[SECURITY] [DLA 2750-1] exiv2 security update

2021-08-3003:03:59
lists.debian.org
19

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.008 Low

EPSS

Percentile

80.8%


Debian LTS Advisory DLA-2750-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
August 30, 2021 https://wiki.debian.org/LTS


Package : exiv2
Version : 0.25-3.1+deb9u3
CVE ID : CVE-2019-20421 CVE-2021-3482 CVE-2021-29457
CVE-2021-29473 CVE-2021-31291 CVE-2021-31292
Debian Bug : 950183 986888 987277 991705 991705 991706

Several vulnerabilities have been discovered in Exiv2, a C++ library
and a command line utility to manage image metadata which could result
in denial of service or the execution of arbitrary code if a malformed
file is parsed.

For Debian 9 stretch, these problems have been fixed in version
0.25-3.1+deb9u3.

We recommend that you upgrade your exiv2 packages.

For the detailed security status of exiv2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/exiv2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.008 Low

EPSS

Percentile

80.8%

Related for DEBIAN:DLA-2750-1:F28B2