SB2018112607 - Gentoo update for Exiv2
Published: November 26, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2017-17723)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the Exiv2::Image::byteSwap4 function of image.cpp due to boundary error. A remote attacker can send a specially crafted TIFF image file, trick the victim into opening it and cause the service to crash.
2) Buffer over-read (CVE-ID: CVE-2017-17724)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows an remote unauthenticated attacker to cause DoS on the target system.
The weakness exists in the Exiv2::IptcData::printStructure function due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted TIFF file, trigger heap-based buffer over-read and cause the service to crash.
3) Heap-based buffer over-read (CVE-ID: CVE-2018-10780)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in Exiv2::Image::byteSwap2 in image.cpp. A remote attacker can trick the victim into opening a specially crafted input and perform a denial of service attack.
4) Memory corruption (CVE-ID: CVE-2018-10958)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in types.cpp when processing a large size value. A remote attacker can perform Exiv2::Internal::PngChunk::zlibUncompress call and cause a SIGABRT during an attempt at memory allocation.
5) Denial of service (CVE-ID: CVE-2018-10998)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in readMetadata in jp2image.cpp. A remote attacker can trigger an incorrect Safe::add call and cause a denial of service (SIGABRT)
6) Heap-based buffer over-read (CVE-ID: CVE-2018-10999)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the Exiv2::Internal::PngChunk::parseTXTChunk function. A remote attacker can perform a denial of service attack.
7) Memory leak (CVE-ID: CVE-2018-11037)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in Exiv2::PngImage::printStructure function in pngimage.cpp. A remote attacker can trick the victim into opening a specially crafted input and gain access to arbitrary data or perform a denial of service attack.
8) Heap-based buffer overflow (CVE-ID: CVE-2018-11531)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer overflow in getData in preview.cpp. A remote attacker can trigger memory corruption and perform a denial of service attack.
9) Memory corruption (CVE-ID: CVE-2018-12264)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflows in LoaderTiff::getData() in preview.cpp. A remote attacker can trigger out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp and perform a denial of service attack.
10) Memory corruption (CVE-ID: CVE-2018-12265)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the LoaderExifJpeg class in preview.cpp. A remote attacker can trigger out-of-bounds read in Exiv2::MemIo::read in basicio.cpp and perform a denial of service attack.
11) Segmentation fault (CVE-ID: CVE-2018-5772)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. A remote attacker can trick the victim into opening a specially crafted tif input, trigger segmentation fault and perform a denial of service attack.
12) Out-of-bounds read (CVE-ID: CVE-2018-8976)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to out-of-bounds read in image.cpp Exiv2::Internal::stringFormat. A remote attacker can trick the victim into opening a specially crafted input, trigger an error in jpgimage.cpp and perform a denial of service attack.
13) Memory corruption (CVE-ID: CVE-2018-8977)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp. A remote attacker can trick the victim into opening a specially crafted input, trigger memory corruption and perform a denial of service attack.
14) Out-of-bounds read (CVE-ID: CVE-2018-9144)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. A remote attacker can trick the victim into opening a specially crafted input and gain access to arbitrary data or perform a denial of service attack.
15) Memory corruption (CVE-ID: CVE-2018-9145)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in the constructor with an initial buffer size in the DataBuf class in include/exiv2/types.hpp. A remote attacker can trick the victim into opening a specially crafted input, trigger a SIGABRT during an attempt at memory allocation and perform a denial of service attack.
16) Assertion failure (CVE-ID: CVE-2018-9303)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to assertion failure in BigTiffImage::readData in bigtiffimage.cpp. A remote attacker can trick the victim into opening a specially crafted input and perform a denial of service attack.
17) Divide by zero (CVE-ID: CVE-2018-9304)
CWE-ID: CWE-369 - Divide By Zero
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp. A remote attacker can trick the victim into opening a specially crafted input and perform a denial of service attack.
18) Out-of-bounds read (CVE-ID: CVE-2018-9305)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to out-of-bounds read in IptcData::printStructure in iptc.c, related to the "== 0x1c" case. A remote attacker can trick the victim into opening a specially crafted input and gain access to arbitrary data or perform a denial of service attack.
Remediation
Install update from vendor's website.