Updated exiv2 packages fix security vulnerability
Publication date: 13 Feb 2020Modification date: 13 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20421
Description
The updated packages fix a security vulnerability: In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2019-20421)
References
SRPMS
7/core
- exiv2-0.27.1-3.3.mga7