Msrc Cbl2 Exiv2 0.27.5-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2021-32815 [MEDIUM] CWE-617 Denial of service due to assertion failure in crwimage_int.cpp Denial of service due to assertion failure in crwimage_int.cpp FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2021-34334 [MEDIUM] CWE-835 Denial of service due to integer overflow in loop counter Denial of service due to integer overflow in loop counter FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2021-37622 [MEDIUM] CWE-835 Denial of service due to infinite loop in JpegBase::printStructure (#1) Denial of service due to infinite loop in JpegBase::printStructure (#1) FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2021-37619 [MEDIUM] CWE-125 Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2021-34335 [MEDIUM] CWE-369 Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2021-37621 [MEDIUM] CWE-835 Denial of service due to infinite loop in Image::printIFDStructure Denial of service due to infinite loop in Image::printIFDStructure FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2021-37618 [MEDIUM] CWE-125 Out-of-bounds read in Exiv2::Jp2Image::printStructure Out-of-bounds read in Exiv2::Jp2Image::printStructure FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2021-37616 [MEDIUM] CWE-476 Null pointer dereference in Exiv2::Internal::resolveLens0x8ff Null pointer dereference in Exiv2::Internal::resolveLens0x8ff FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2021-37623 [MEDIUM] CWE-835 Denial of service due to infinite loop in JpegBase::printStructure (#2) Denial of service due to infinite loop in JpegBase::printStructure (#2) FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2021-37620 [MEDIUM] CWE-125 Out-of-bounds read in XmpTextValue::read() Out-of-bounds read in XmpTextValue::read() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2021-37615 [MEDIUM] CWE-476 Null pointer dereference in Exiv2::Internal::resolveLens0x319 Null pointer dereference in Exiv2::Internal::resolveLens0x319 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2021-32617 [MEDIUM] CWE-400 Denial of service in Exiv2 Denial of service in Exiv2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpa

CVE-2021-29623 [LOW] CWE-908 Uninitialized variable bug in Exiv2 Uninitialized variable bug in Exiv2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is commi

CVE-2021-29457 [HIGH] CWE-122 Heap buffer overflow in Exiv2::Jp2Image::doWriteMetadata Heap buffer overflow in Exiv2::Jp2Image::doWriteMetadata FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2021-29464 [LOW] CWE-787 Heap buffer overflow in Exiv2::Jp2Image::encodeJp2Header Heap buffer overflow in Exiv2::Jp2Image::encodeJp2Header FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2021-29463 [LOW] CWE-125 Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which th

CVE-2021-29470 [MEDIUM] CWE-125 Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2021-3482 [MEDIUM] CWE-787 A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffe A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

CVE-2021-29458 [MEDIUM] CWE-125 Out-of-bounds read in Exiv2::Internal::CrwMap::encode Out-of-bounds read in Exiv2::Internal::CrwMap::encode FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2021-29473 [LOW] CWE-125 Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the