MAGEIA-2021-240
The updated packages fix security vulnerabilities: Heap-based buffer overflow in Jp2Image::readMetadata(). (CVE-2021-3482) Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29457) Out-of-bounds read in Exiv2::Internal::CrwMap::encode. (CVE-2021-29458) Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-29463) Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-29464) Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header. (CVE-2021-29470) Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29473) Read of uninitialized memory may lead to information leak. (CVE-2021-29623) DoS due to quadratic complexity in ProcessUTF8Portion. (CVE-2021-32617)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | nvidia-current | 0, 470.94-1.mga8.nonfree |
| Mageia | exiv2 | 0.27.3-1.1.mga8, 0, 0 |
| Mageia | exiv2 | 0, 0.27.1-3.5.mga7, 0 |
| Mageia | ldetect-lst | 0, 0.6.26.9-1.mga8 |
Timeline
- Jun 8, 2021 CVE Updated
- Jun 8, 2021 CVE Published
- Mar 17, 2026 Distribution Patch
- Mar 17, 2026 Distribution Patch
- Mar 17, 2026 Security Advisory
- Mar 17, 2026 Security Advisory
References
- Updated exiv2 packages fix security vulnerabilities advisory
- Updated exiv2 packages fix security vulnerabilities issue
- Updated exiv2 packages fix security vulnerabilities issue
- Updated exiv2 packages fix security vulnerabilities issue
- Updated exiv2 packages fix security vulnerabilities advisory
- Updated exiv2 packages fix security vulnerabilities advisory
- Updated nvidia-current packages advisory
- Updated nvidia-current packages issue
- Updated nvidia-current packages issue