SB2017071716 - Multiple vulnerabilities in GNU Exiv2




Published: July 17, 2017 Updated: October 21, 2021

Security Bulletin ID: SB2017071716
Severity: High
Patch available: YES
Number of vulnerabilities: 25
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 4% Medium 96%

Description

This security bulletin contains information about 25 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2018-17282)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. A remote attacker can perform a denial of service (DoS) attack.


2) Heap-based buffer overflow (CVE-ID: CVE-2018-17229)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Exiv2::d2Data in types.cpp in Exiv2 v0.26. A remote attacker can use a crafted image file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Heap-based buffer overflow (CVE-ID: CVE-2018-17230)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Exiv2::ul2Data in types.cpp in Exiv2 v0.26. A remote attacker can use a crafted image file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2018-4868)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.


5) NULL pointer dereference (CVE-ID: CVE-2017-18005)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Exiv2::DataValue::toLong function in value.cpp, related to a crafted metadata file. A remote attacker can perform a denial of service (DoS) attack.


6) Out-of-bounds read (CVE-ID: CVE-2017-1000126)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Exiv2 0.26 contains a stack out-of-bounds read in the WebP parser.


7) Buffer overflow (CVE-ID: CVE-2017-1000127)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Exiv2 0.26 contains a heap buffer overflow in the TIFF parser.


8) Out-of-bounds read (CVE-ID: CVE-2017-1000128)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Exiv2 0.26 contains a stack out-of-bounds read in the JPEG2000 parser.


9) Buffer overflow (CVE-ID: CVE-2017-14866)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.


10) Use-after-free (CVE-ID: CVE-2017-14857)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a segmentation fault. A crafted input will lead to a denial of service attack.


11) Buffer overflow (CVE-ID: CVE-2017-14858)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.


12) Out-of-bounds read (CVE-ID: CVE-2017-14860)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.


13) Integer overflow (CVE-ID: CVE-2017-14861)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.


14) NULL pointer dereference (CVE-ID: CVE-2017-14863)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. A remote attacker can perform a denial of service (DoS) attack.


15) Buffer overflow (CVE-ID: CVE-2017-14865)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.


16) Heap-based buffer overflow (CVE-ID: CVE-2017-12955)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data within basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(). A remote attacker can pass a specially crafted file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


17) Out-of-bounds read (CVE-ID: CVE-2017-12956)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.


18) Out-of-bounds read (CVE-ID: CVE-2017-12957)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.


19) Buffer overflow (CVE-ID: CVE-2017-11592)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a mismatched memory management routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.


20) Input validation error (CVE-ID: CVE-2017-11553)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.


21) Out-of-bounds read (CVE-ID: CVE-2017-11336)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.


22) Use-after-free (CVE-ID: CVE-2017-11337)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.


23) Infinite loop (CVE-ID: CVE-2017-11338)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.


24) Buffer overflow (CVE-ID: CVE-2017-11339)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.


25) Input validation error (CVE-ID: CVE-2017-11340)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A crafted input will lead to a remote denial of service attack.


Remediation

Install the update from the vendor's website.