Описание
Security update for exiv2
This update for exiv2 fixes the following issues:
- CVE-2018-17581: Fixed an excessive stack consumption in CiffDirectory:readDirectory() which might have led to denial of service (bsc#1110282).
- CVE-2019-13110: Fixed an integer overflow and an out of bounds read in CiffDirectory:readDirectory which might have led to denial of service (bsc#1142678).
- CVE-2019-13113: Fixed a potential denial of service via an invalid data location in a CRW image (bsc#1142683).
- CVE-2019-17402: Fixed an improper validation of the relationship of the total size to the offset and size in Exiv2::getULong (bsc#1153577).
- CVE-2019-20421: Fixed an infinite loop triggered via an input file (bsc#1161901).
- CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973).
Список пакетов
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
Ссылки
- Link for SUSE-SU-2020:0860-1
- E-Mail link for SUSE-SU-2020:0860-1
- SUSE Security Ratings
- SUSE Bug 1040973
- SUSE Bug 1110282
- SUSE Bug 1142678
- SUSE Bug 1142683
- SUSE Bug 1153577
- SUSE Bug 1161901
- SUSE CVE CVE-2017-9239 page
- SUSE CVE CVE-2018-17581 page
- SUSE CVE CVE-2019-13110 page
- SUSE CVE CVE-2019-13113 page
- SUSE CVE CVE-2019-17402 page
- SUSE CVE CVE-2019-20421 page
Описание
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.
Затронутые продукты
Ссылки
- CVE-2017-9239
- SUSE Bug 1040973
Описание
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
Затронутые продукты
Ссылки
- CVE-2018-17581
- SUSE Bug 1110282
Описание
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.
Затронутые продукты
Ссылки
- CVE-2019-13110
- SUSE Bug 1142678
Описание
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
Затронутые продукты
Ссылки
- CVE-2019-13113
- SUSE Bug 1142683
Описание
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
Затронутые продукты
Ссылки
- CVE-2019-17402
- SUSE Bug 1153577
Описание
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2019-20421
- SUSE Bug 1161901