Bug number - 773846

Part of package: exiv2.

Bug description:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
Debian Bug report logs -  #773846 exiv2: CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler
Package:      exiv2; Maintainer for exiv2 is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Source for exiv2 is src:exiv2 (PTS, buildd, popcon).  Affects: digikam, geeqie
Reported by: Klaus Ethgen <Klaus@Ethgen.de>
Date: Tue, 23 Dec 2014 23:21:06 UTC
Severity: grave
Tags: fixed-upstream, patch, security, upstream
Found in versions exiv2/0.24-1, exiv2/0.24-4
Fixed in version exiv2/0.24-4.1
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.Forwarded to http://dev.exiv2.org/issues/960

All x-patch and x-diff attachments.

Patch	Author	Date
0001-960-Added-a-Buffer-Overflow-Fix-in-INFO-tags-of-RIFF.patch	Klaus Ethgen <Klaus@Ethgen.de>	Wed, 24 Dec 2014 00:19:05 +0100
exiv2-0.24-4.1-nmu.diff	Salvatore Bonaccorso <carnil@debian.org>	Wed, 7 Jan 2015 20:48:31 +0100

Original bug report here.