SB2018112607 - Gentoo update for Exiv2



SB2018112607 - Gentoo update for Exiv2

Published: November 26, 2018

Security Bulletin ID SB2018112607
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 18
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 18 vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2017-17723)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the Exiv2::Image::byteSwap4 function of image.cpp due to boundary error. A remote attacker can send a specially crafted TIFF image file, trick the victim into opening it and cause the service to crash.

2) Buffer over-read (CVE-ID: CVE-2017-17724)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows an remote unauthenticated attacker to cause DoS on the target system.

The weakness exists in the Exiv2::IptcData::printStructure function due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted TIFF file, trigger heap-based buffer over-read and cause the service to crash.

3) Heap-based buffer over-read (CVE-ID: CVE-2018-10780)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in Exiv2::Image::byteSwap2 in image.cpp. A remote attacker can trick the victim into opening a specially crafted input and perform a denial of service attack.


4) Memory corruption (CVE-ID: CVE-2018-10958)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in types.cpp when processing a large size value. A remote attacker can perform Exiv2::Internal::PngChunk::zlibUncompress call and cause a SIGABRT during an attempt at memory allocation.


5) Denial of service (CVE-ID: CVE-2018-10998)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in readMetadata in jp2image.cpp. A remote attacker can trigger an incorrect Safe::add call and cause a denial of service (SIGABRT)


6) Heap-based buffer over-read (CVE-ID: CVE-2018-10999)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the Exiv2::Internal::PngChunk::parseTXTChunk function. A remote attacker can perform a denial of service attack.


7) Memory leak (CVE-ID: CVE-2018-11037)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in Exiv2::PngImage::printStructure function in pngimage.cpp. A remote attacker can trick the victim into opening a specially crafted input and gain access to arbitrary data or perform a denial of service attack.


8) Heap-based buffer overflow (CVE-ID: CVE-2018-11531)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer overflow in getData in preview.cpp. A remote attacker can trigger memory corruption and perform a denial of service attack.


9) Memory corruption (CVE-ID: CVE-2018-12264)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflows in LoaderTiff::getData() in preview.cpp. A remote attacker can trigger out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp and perform a denial of service attack.


10) Memory corruption (CVE-ID: CVE-2018-12265)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the LoaderExifJpeg class in preview.cpp. A remote attacker can trigger out-of-bounds read in Exiv2::MemIo::read in basicio.cpp and perform a denial of service attack.


11) Segmentation fault (CVE-ID: CVE-2018-5772)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. A remote attacker can trick the victim into opening a specially crafted tif input, trigger segmentation fault and perform a denial of service attack.


12) Out-of-bounds read (CVE-ID: CVE-2018-8976)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to out-of-bounds read in image.cpp Exiv2::Internal::stringFormat. A remote attacker can trick the victim into opening a specially crafted input, trigger an error in jpgimage.cpp and perform a denial of service attack.


13) Memory corruption (CVE-ID: CVE-2018-8977)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp. A remote attacker can trick the victim into opening a specially crafted input, trigger memory corruption and perform a denial of service attack.


14) Out-of-bounds read (CVE-ID: CVE-2018-9144)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. A remote attacker can trick the victim into opening a specially crafted input and gain access to arbitrary data or perform a denial of service attack.


15) Memory corruption (CVE-ID: CVE-2018-9145)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in the constructor with an initial buffer size in the DataBuf class in include/exiv2/types.hpp. A remote attacker can trick the victim into opening a specially crafted input, trigger a SIGABRT during an attempt at memory allocation and perform a denial of service attack.


16) Assertion failure (CVE-ID: CVE-2018-9303)

CWE-ID: CWE-617 - Reachable Assertion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to assertion failure in BigTiffImage::readData in bigtiffimage.cpp. A remote attacker can trick the victim into opening a specially crafted input and perform a denial of service attack.


17) Divide by zero (CVE-ID: CVE-2018-9304)

CWE-ID: CWE-369 - Divide By Zero

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp. A remote attacker can trick the victim into opening a specially crafted input and perform a denial of service attack.


18) Out-of-bounds read (CVE-ID: CVE-2018-9305)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to out-of-bounds read in IptcData::printStructure in iptc.c, related to the "== 0x1c" case. A remote attacker can trick the victim into opening a specially crafted input and gain access to arbitrary data or perform a denial of service attack.


Remediation

Install update from vendor's website.