SUSE update for exiv2
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2018-20097 CVE-2019-13112 CVE-2021-29457 CVE-2021-29473 CVE-2021-31291 CVE-2021-32815 CVE-2021-34334 CVE-2021-37620 |
| CWE-ID | CWE-119 CWE-399 CWE-617 CWE-835 CWE-125 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
SUSE OpenStack Cloud Crowbar Operating systems & Components / Operating system SUSE Linux Enterprise Software Development Kit Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE OpenStack Cloud Operating systems & Components / Operating system libexiv2-devel Operating systems & Components / Operating system package or component libexiv2-12-debuginfo Operating systems & Components / Operating system package or component libexiv2-12 Operating systems & Components / Operating system package or component exiv2-debugsource Operating systems & Components / Operating system package or component exiv2-debuginfo Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU36299
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20097
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
MitigationUpdate the affected package exiv2 to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
libexiv2-devel: before 0.23-12.18.1
libexiv2-12-debuginfo: before 0.23-12.18.1
libexiv2-12: before 0.23-12.18.1
exiv2-debugsource: before 0.23-12.18.1
exiv2-debuginfo: before 0.23-12.18.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20224252-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU20307
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-13112
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to memory allocation error in PngChunk::parseChunkContent() function. A remote attacker can create a specially crafted PNG image, pass it to the application and perform a denial of service attack.
MitigationUpdate the affected package exiv2 to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
libexiv2-devel: before 0.23-12.18.1
libexiv2-12-debuginfo: before 0.23-12.18.1
libexiv2-12: before 0.23-12.18.1
exiv2-debugsource: before 0.23-12.18.1
exiv2-debuginfo: before 0.23-12.18.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20224252-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Heap-based buffer overflow
EUVDB-ID: #VU55920
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-29457
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim top open a specially crafted image, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`.
MitigationUpdate the affected package exiv2 to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
libexiv2-devel: before 0.23-12.18.1
libexiv2-12-debuginfo: before 0.23-12.18.1
libexiv2-12: before 0.23-12.18.1
exiv2-debugsource: before 0.23-12.18.1
exiv2-debuginfo: before 0.23-12.18.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20224252-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU55921
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-29473
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when processing Exif, IPTC, XMP and ICC image metadata. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the affected application.
MitigationUpdate the affected package exiv2 to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
libexiv2-devel: before 0.23-12.18.1
libexiv2-12-debuginfo: before 0.23-12.18.1
libexiv2-12: before 0.23-12.18.1
exiv2-debugsource: before 0.23-12.18.1
exiv2-debuginfo: before 0.23-12.18.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20224252-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU55973
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31291
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in jp2image.cpp in Exiv2. A remote attacker can use crafted metadata to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package exiv2 to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
libexiv2-devel: before 0.23-12.18.1
libexiv2-12-debuginfo: before 0.23-12.18.1
libexiv2-12: before 0.23-12.18.1
exiv2-debugsource: before 0.23-12.18.1
exiv2-debuginfo: before 0.23-12.18.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20224252-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Reachable Assertion
EUVDB-ID: #VU69648
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32815
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling metadata of image files. A remote attacker can pass a specially crafted image to the application and perform a denial of service (DoS) attack.
Update the affected package exiv2 to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
libexiv2-devel: before 0.23-12.18.1
libexiv2-12-debuginfo: before 0.23-12.18.1
libexiv2-12: before 0.23-12.18.1
exiv2-debugsource: before 0.23-12.18.1
exiv2-debuginfo: before 0.23-12.18.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20224252-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Infinite loop
EUVDB-ID: #VU69649
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34334
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when processing metadata of image files. A remote attacker can pass a specially crafted image to the application, consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected package exiv2 to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
libexiv2-devel: before 0.23-12.18.1
libexiv2-12-debuginfo: before 0.23-12.18.1
libexiv2-12: before 0.23-12.18.1
exiv2-debugsource: before 0.23-12.18.1
exiv2-debuginfo: before 0.23-12.18.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20224252-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU69650
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-37620
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when processing metadata of a crafted image file. A remote attacker can pass a specially crafted image file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Update the affected package exiv2 to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5
SUSE OpenStack Cloud: 9
libexiv2-devel: before 0.23-12.18.1
libexiv2-12-debuginfo: before 0.23-12.18.1
libexiv2-12: before 0.23-12.18.1
exiv2-debugsource: before 0.23-12.18.1
exiv2-debuginfo: before 0.23-12.18.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20224252-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
