Executive Summary
Summary | |
---|---|
Title | exiv2 security, bug fix, and enhancement update |
Informations | |||
---|---|---|---|
Name | RHSA-2019:2101 | First vendor Publication | 2019-08-06 |
Vendor | RedHat | Last vendor Modification | 2019-08-06 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An update for exiv2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. The following packages have been upgraded to a later upstream version: exiv2 (0.27.0). (BZ#1652637) Security Fix(es): * exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp (CVE-2017-17724) * exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp (CVE-2018-8976) * exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (CVE-2018-8977) * exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305) * exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772) * exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress() (CVE-2018-10958) * exiv2: SIGABRT by triggering an incorrect Safe::add call (CVE-2018-10998) * exiv2: information leak via a crafted file (CVE-2018-11037) * exiv2: integer overflow in getData function in preview.cpp (CVE-2018-12264) * exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265) * exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp (CVE-2018-14046) * exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282) * exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581) * exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915) * exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107) * exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108) * exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535) * exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607) * exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096) * exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097) * exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098) * exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1465061 - There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault at exiv2. A crafted input will lead to remote denial of service attack. 1470729 - There is a heap overflow in the software exiv2. 1470737 - There is an invalid free in Action::TaskFactory::cleanup funtion of actions.cpp in exiv2. A crafted input will lead to remote denial of service attack. 1470913 - There is an infinite loop in Exiv2::Image::printIFDStructure funtion of image.cpp in exiv2. A crafted input will lead to remote denial of service attack. 1470946 - There is a heap-buffer-overflow in image.cpp of exiv2. 1470950 - There is a Segmentation fault in the software exiv2 while the function Exiv2::XmpParser::terminate() is finished. 1471772 - There is an illegal address access in basicio.cpp of exiv2. 1473888 - There is a Floating point exception in Exiv2::ValueType of exiv2. 1473889 - There is alloc-dealloc-mismatch in Exiv2::FileIo::seek of exiv2. 1475123 - There is an assertion aborted in tiffvisitor.cpp of exiv2/libexiv2. 1475124 - There is an assertion aborted in tiffvisitor.cpp of exiv2/libexiv2. 1482295 - There is a heap-buffer-overflow in basicio.cpp of exiv2. 1482296 - There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() of exiv2 1482423 - There is a heap-buffer-overflow in the software exiv2 which is triggered in Exiv2::Image::io function. 1494443 - Null pointer dereference vulnerability in Exiv2::Image::printIFDStructure (image.cpp:408) 1494467 - Invalid memory address dereference in Exiv2::getULong(types.cpp:246) 1494776 - It is a heap-buffer-overflow in Exiv2::Jp2Image::readMetadata (jp2image.cpp:277) 1494778 - It is a heap-buffer-overflow in Exiv2::us2Data (types.cpp:346) 1494780 - Invalid memory address dereference in Exiv2::StringValueBase::read ( in value.cpp:302) 1494781 - It is a heap-buffer-overflow in Exiv2::s2Data (types.cpp:383) 1494782 - It is a heap-buffer-overflow in Exiv2::l2Data (types.cpp:398) 1494786 - Invalid memory address dereference in Exiv2::DataValue::read (value.cpp:193) 1494787 - it is a stack-overflow vulnerability in Exiv2::Internal::stringFormat[abi:cxx11] ( in image.cpp:975 ) 1495043 - bad free in Exiv2::Image::~Image (image.cpp:173) 1524104 - exiv2 library: heap-based buffer over-read in Exiv2::Image::byteSwap4 (image.cpp) 1524107 - exiv2 library: heap-based buffer over-read in Exiv2::IptcData::printStructure (iptc.cpp) 1524116 - exiv2 library: assertion aborted in Exiv2::(anonymous namespace)::readHeader (bigtiffimage.cpp) 1525055 - exiv2 library: heap-buffer-overflow in Exiv2::getULong (types.cpp) 1537353 - Exiv2: integer overflow in floatToRationalCast function (src/types.cpp) 1545237 - CVE-2017-17724 exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp 1561213 - CVE-2018-8976 exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp 1561217 - CVE-2018-8977 exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp 1566260 - There is a Segmentation fault in the software exiv2 when the function Exiv2::tEXtToDataBuf() is finished 1566735 - CVE-2018-9305 exiv2: out of bounds read in IptcData::printStructure in iptc.c 1578659 - CVE-2018-10958 exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress() 1579481 - CVE-2018-10998 exiv2: SIGABRT by triggering an incorrect Safe::add call 1579544 - CVE-2018-11037 exiv2: information leak via a crafted file 1590993 - CVE-2018-12264 exiv2: integer overflow in getData function in preview.cpp 1590994 - CVE-2018-12265 exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp 1594627 - CVE-2018-10772 exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file 1601628 - CVE-2018-14046 exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp 1632490 - CVE-2018-17282 exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash 1635045 - CVE-2018-17581 exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service 1646555 - CVE-2018-18915 exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp 1649094 - CVE-2018-19107 exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp 1649101 - CVE-2018-19108 exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp 1652637 - Rebase exiv2 to 0.27 1656187 - CVE-2018-19535 exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp 1656195 - CVE-2018-19607 exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp 1660423 - CVE-2018-20096 exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service 1660424 - CVE-2018-20097 exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function 1660425 - CVE-2018-20098 exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service 1660426 - CVE-2018-20099 exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service 1664361 - Gwenview + Exiv2 crash in Pentax camera files |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-2101.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
48 % | CWE-125 | Out-of-bounds Read |
19 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
14 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
10 % | CWE-476 | NULL Pointer Dereference |
5 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
5 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-8b67a5c7e2.nasl - Type : ACT_GATHER_INFO |
2018-11-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201811-14.nasl - Type : ACT_GATHER_INFO |
2018-10-22 | Name : The remote Debian host is missing a security update. File : debian_DLA-1551.nasl - Type : ACT_GATHER_INFO |
2018-09-27 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1286.nasl - Type : ACT_GATHER_INFO |
2018-09-27 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1287.nasl - Type : ACT_GATHER_INFO |
2018-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2018-871fa4d189.nasl - Type : ACT_GATHER_INFO |
2018-07-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4238.nasl - Type : ACT_GATHER_INFO |
2018-06-28 | Name : The remote Debian host is missing a security update. File : debian_DLA-1402.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-03-19 13:18:56 |
|