SB2018112607 - Gentoo update for Exiv2

Main Vulnerability Database SB2018112607

SB2018112607 - Gentoo update for Exiv2

Published: November 26, 2018

Security Bulletin ID SB2018112607

Severity

Low

Patch available

YES

Number of vulnerabilities 18

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 18 secuirty vulnerabilities.

1) Memory corruption (CVE-ID: CVE-2017-17723)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the Exiv2::Image::byteSwap4 function of image.cpp due to boundary error. A remote attacker can send a specially crafted TIFF image file, trick the victim into opening it and cause the service to crash.

2) Buffer over-read (CVE-ID: CVE-2017-17724)

The vulnerability allows an remote unauthenticated attacker to cause DoS on the target system.

The weakness exists in the Exiv2::IptcData::printStructure function due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted TIFF file, trigger heap-based buffer over-read and cause the service to crash.

3) Heap-based buffer over-read (CVE-ID: CVE-2018-10780)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in Exiv2::Image::byteSwap2 in image.cpp. A remote attacker can trick the victim into opening a specially crafted input and perform a denial of service attack.

4) Memory corruption (CVE-ID: CVE-2018-10958)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in types.cpp when processing a large size value. A remote attacker can perform Exiv2::Internal::PngChunk::zlibUncompress call and cause a SIGABRT during an attempt at memory allocation.

5) Denial of service (CVE-ID: CVE-2018-10998)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in readMetadata in jp2image.cpp. A remote attacker can trigger an incorrect Safe::add call and cause a denial of service (SIGABRT)

6) Heap-based buffer over-read (CVE-ID: CVE-2018-10999)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the Exiv2::Internal::PngChunk::parseTXTChunk function. A remote attacker can perform a denial of service attack.

7) Memory leak (CVE-ID: CVE-2018-11037)

The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in Exiv2::PngImage::printStructure function in pngimage.cpp. A remote attacker can trick the victim into opening a specially crafted input and gain access to arbitrary data or perform a denial of service attack.

8) Heap-based buffer overflow (CVE-ID: CVE-2018-11531)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer overflow in getData in preview.cpp. A remote attacker can trigger memory corruption and perform a denial of service attack.

9) Memory corruption (CVE-ID: CVE-2018-12264)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflows in LoaderTiff::getData() in preview.cpp. A remote attacker can trigger out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp and perform a denial of service attack.

10) Memory corruption (CVE-ID: CVE-2018-12265)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the LoaderExifJpeg class in preview.cpp. A remote attacker can trigger out-of-bounds read in Exiv2::MemIo::read in basicio.cpp and perform a denial of service attack.

11) Segmentation fault (CVE-ID: CVE-2018-5772)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. A remote attacker can trick the victim into opening a specially crafted tif input, trigger segmentation fault and perform a denial of service attack.

12) Out-of-bounds read (CVE-ID: CVE-2018-8976)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to out-of-bounds read in image.cpp Exiv2::Internal::stringFormat. A remote attacker can trick the victim into opening a specially crafted input, trigger an error in jpgimage.cpp and perform a denial of service attack.

13) Memory corruption (CVE-ID: CVE-2018-8977)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp. A remote attacker can trick the victim into opening a specially crafted input, trigger memory corruption and perform a denial of service attack.

14) Out-of-bounds read (CVE-ID: CVE-2018-9144)

The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. A remote attacker can trick the victim into opening a specially crafted input and gain access to arbitrary data or perform a denial of service attack.

15) Memory corruption (CVE-ID: CVE-2018-9145)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in the constructor with an initial buffer size in the DataBuf class in include/exiv2/types.hpp. A remote attacker can trick the victim into opening a specially crafted input, trigger a SIGABRT during an attempt at memory allocation and perform a denial of service attack.

16) Assertion failure (CVE-ID: CVE-2018-9303)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to assertion failure in BigTiffImage::readData in bigtiffimage.cpp. A remote attacker can trick the victim into opening a specially crafted input and perform a denial of service attack.

17) Divide by zero (CVE-ID: CVE-2018-9304)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp. A remote attacker can trick the victim into opening a specially crafted input and perform a denial of service attack.

18) Out-of-bounds read (CVE-ID: CVE-2018-9305)

The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to out-of-bounds read in IptcData::printStructure in iptc.c, related to the "== 0x1c" case. A remote attacker can trick the victim into opening a specially crafted input and gain access to arbitrary data or perform a denial of service attack.

Remediation

Install update from vendor's website.

References

https://security.gentoo.org/glsa/201811-14