SB2019081904 - Multiple vulnerabilities in Exiv2
Published: August 19, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2019-14982)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to perform denial of service attack.
The vulnerability exists due to integer overflow in the WebPImage::getHeaderOffset() function in webpimage.cpp. A remote attacker can pass a specially crafted file to the affected application, trigger integer overflow and crash the application.
2) NULL pointer dereference (CVE-ID: CVE-2019-13114)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error when parsing HTTP responses without a space character. A remote attacker can perform a denial of service (DoS) attack.
3) Reachable Assertion (CVE-ID: CVE-2019-13113)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion due to assertion failure) via an invalid data location in a CRW image file. A remote attacker can cause a denial of service (crash.
4) Resource management error (CVE-ID: CVE-2019-13112)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to memory allocation error in PngChunk::parseChunkContent() function. A remote attacker can create a specially crafted PNG image, pass it to the application and perform a denial of service attack.
5) Integer overflow (CVE-ID: CVE-2019-13111)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to integer overflow in WebPImage::decodeChunks() function. A remote attacker can create a specially crafted WEBP image, pass it to the application, trigger integer overflow and crash the affected application.
6) Integer overflow (CVE-ID: CVE-2019-13110)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to integer overflow in CiffDirectory::readDirectory() function. A remote attacker can create a specially crafted CRW image, pass it to the application, trigger integer overflow and crash the affected application.
7) Integer overflow (CVE-ID: CVE-2019-13109)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in Exiv2 through 0.27.1 due to PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction. A remote attacker can create a crafted PNG image file, trigger integer overflow and perform denial of service (DoS) attack.
8) Integer overflow (CVE-ID: CVE-2019-13108)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in Exiv2 through 0.27.1 due to PngImage::readMetadata mishandles a zero value for iccOffset. A remote attacker can create a crafted PNG image file, trigger integer overflow and perform denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://github.com/Exiv2/exiv2/compare/v0.27.2-RC2...v0.27.2
- https://github.com/Exiv2/exiv2/issues/960
- https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
- https://github.com/Exiv2/exiv2/issues/793
- https://github.com/Exiv2/exiv2/pull/815
- https://usn.ubuntu.com/4056-1/
- https://github.com/Exiv2/exiv2/issues/841
- https://github.com/Exiv2/exiv2/pull/842
- https://github.com/Exiv2/exiv2/issues/845
- https://github.com/Exiv2/exiv2/pull/846
- https://github.com/Exiv2/exiv2/issues/791
- https://github.com/Exiv2/exiv2/pull/797
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/
- https://github.com/Exiv2/exiv2/issues/843
- https://github.com/Exiv2/exiv2/pull/844
- https://github.com/Exiv2/exiv2/issues/790
- https://github.com/Exiv2/exiv2/pull/795
- https://github.com/Exiv2/exiv2/issues/789
- https://github.com/Exiv2/exiv2/pull/794