Recent Releases

0.28.309 Jul 2024 14:45 minor feature: Changes from version 0.28.2 to 0.28.3 Release Notes: https://github.com/Exiv2/exiv2//3008. https://github.com/Exiv2/exiv2/milestone/14?=1. This release also a low-severity security in asfvideo.cpp: CVE-2024-39695: out-of-bounds read in AsfVideo::streamProperties. This vulnerability is in a new feature (ASF video) that was added in version 0.28.0, so earlier versions of Exiv2 are not affected. Changes from version 0.28.1 to 0.28.2. Release Notes: https://github.com/Exiv2/exiv2//2914. https://github.com/Exiv2/exiv2/milestone/13?=1. This release also two low-severity security in quicktimevideo.cpp: CVE-2024-24826: out-of-bounds read in QuickTimeVideo::NikonTagsDecoder. CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder. These vulnerabilities are in a new feature (quicktime video) that was added in version 0.28.0, so earlier versions of Exiv2 are not affected. Changes from version 0.28.0 to 0.28.1. Release Notes: https://github.com/Exiv2/exiv2//2813 This release also CVE-2023-44398, an out-of-bounds write in `BmffImage::brotliUncompress`. The vulnerability is in new code that was added in version 0.28.0, so earlier versions of Exiv2 are not affected. Changes from version 0.27.6 to 0.28.0. Release Notes: https://github.com/Exiv2/exiv2//2406#comment-1529139799 Changes from version 0.27.5 to 0.27.6. https://github.com/Exiv2/exiv2/milestone/10?=1 Open: https://github.com/Exiv2/exiv2/milestone/10?open=1 Release Notes: https://github.com/Exiv2/exiv2//2406#comment-1383302378 Changes from version 0.27.4 to 0.27.5. https://github.com/Exiv2/exiv2/milestone/9?=1 Open: https://github.com/Exiv2/exiv2/milestone/9?open=1 Release Notes: https://github.com/Exiv2/exiv2//1018#comment-948573657 History ---------------. Changes from version 0.27.3 to 0.27.4. https://github.com/Exiv2/exiv2/milestone/6?=1 Open: https://github.com/Exiv2/exiv2/milestone/6?open=1 Release Notes: https://github.com/Exiv2/exiv2//1018#comment-757979745 Group PR
0.28.214 Feb 2024 03:11 security: Release Notes: * https://github.com/Exiv2/exiv2/issues/2914 * https://github.com/Exiv2/exiv2/milestone/13?closed=1 This release also fixes two low-severity security issues in quicktimevideo.cpp: * CVE-2024-24826 (https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w): out-of-bounds read in QuickTimeVideo::NikonTagsDecoder. * CVE-2024-25112 (https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36): denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder. These vulnerabilities are in a new feature (quicktime video) that was added in version 0.28.0, so earlier versions of Exiv2 are not affected.