An update for exiv2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-2101 Final 1.0 1.0 2022-11-18 Initial 2022-11-18 2022-11-18 openEuler SA Tool V1.0 2022-11-18 exiv2 security update An update for exiv2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata.It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fix(es): A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.(CVE-2022-3755) An update for exiv2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium exiv2 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2101 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3755 https://nvd.nist.gov/vuln/detail/CVE-2022-3755 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS exiv2-0.27.5-2.oe1.aarch64.rpm exiv2-devel-0.27.5-2.oe1.aarch64.rpm exiv2-debuginfo-0.27.5-2.oe1.aarch64.rpm exiv2-debugsource-0.27.5-2.oe1.aarch64.rpm exiv2-debugsource-0.27.5-2.oe1.aarch64.rpm exiv2-0.27.5-2.oe1.aarch64.rpm exiv2-devel-0.27.5-2.oe1.aarch64.rpm exiv2-debuginfo-0.27.5-2.oe1.aarch64.rpm exiv2-0.27.5-3.oe2203.aarch64.rpm exiv2-devel-0.27.5-3.oe2203.aarch64.rpm exiv2-debuginfo-0.27.5-3.oe2203.aarch64.rpm exiv2-debugsource-0.27.5-3.oe2203.aarch64.rpm exiv2-help-0.27.5-2.oe1.noarch.rpm exiv2-help-0.27.5-2.oe1.noarch.rpm exiv2-help-0.27.5-3.oe2203.noarch.rpm exiv2-0.27.5-2.oe1.src.rpm exiv2-0.27.5-2.oe1.src.rpm exiv2-0.27.5-3.oe2203.src.rpm exiv2-debugsource-0.27.5-2.oe1.x86_64.rpm exiv2-devel-0.27.5-2.oe1.x86_64.rpm exiv2-debuginfo-0.27.5-2.oe1.x86_64.rpm exiv2-0.27.5-2.oe1.x86_64.rpm exiv2-0.27.5-2.oe1.x86_64.rpm exiv2-debugsource-0.27.5-2.oe1.x86_64.rpm exiv2-debuginfo-0.27.5-2.oe1.x86_64.rpm exiv2-devel-0.27.5-2.oe1.x86_64.rpm exiv2-devel-0.27.5-3.oe2203.x86_64.rpm exiv2-0.27.5-3.oe2203.x86_64.rpm exiv2-debuginfo-0.27.5-3.oe2203.x86_64.rpm exiv2-debugsource-0.27.5-3.oe2203.x86_64.rpm A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495. 2022-11-18 CVE-2022-3755 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H exiv2 security update 2022-11-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2101