Описание
Security update for exiv2
This update for exiv2 fixes the following issues:
exiv2 was updated to latest 0.26 branch, fixing bugs and security issues:
- CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873).
- CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973).
- CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which might have led to an out-of-bounds read (bsc#1097600).
- CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have led to memory corruption (bsc#1097599).
- CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175).
- CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176).
- CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299).
- CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have led to infinite loop (bsc#1115364).
- CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial of service (bsc#1117513).
- CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to to information leak or denial of service (bsc#1088424).
- CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via a crafted response of an malicious http server (bsc#1142684).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0482-1
- SUSE Security Ratings
- SUSE Bug 1040973
- SUSE Bug 1068873
- SUSE Bug 1088424
- SUSE Bug 1097599
- SUSE Bug 1097600
- SUSE Bug 1109175
- SUSE Bug 1109176
- SUSE Bug 1109299
- SUSE Bug 1115364
- SUSE Bug 1117513
- SUSE Bug 1142684
- SUSE CVE CVE-2017-1000126 page
- SUSE CVE CVE-2017-9239 page
- SUSE CVE CVE-2018-12264 page
- SUSE CVE CVE-2018-12265 page
- SUSE CVE CVE-2018-17229 page
- SUSE CVE CVE-2018-17230 page
- SUSE CVE CVE-2018-17282 page
Описание
exiv2 0.26 contains a Stack out of bounds read in webp parser
Затронутые продукты
Ссылки
- CVE-2017-1000126
- SUSE Bug 1068873
Описание
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.
Затронутые продукты
Ссылки
- CVE-2017-9239
- SUSE Bug 1040973
Описание
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
Затронутые продукты
Ссылки
- CVE-2018-12264
- SUSE Bug 1097600
Описание
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
Затронутые продукты
Ссылки
- CVE-2018-12265
- SUSE Bug 1097599
Описание
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2018-17229
- SUSE Bug 1109175
- SUSE Bug 1109176
Описание
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2018-17230
- SUSE Bug 1109176
Описание
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
Затронутые продукты
Ссылки
- CVE-2018-17282
- SUSE Bug 1109299
Описание
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
Затронутые продукты
Ссылки
- CVE-2018-19108
- SUSE Bug 1115364
Описание
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2018-19607
- SUSE Bug 1117513
Описание
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
Затронутые продукты
Ссылки
- CVE-2018-9305
- SUSE Bug 1088424
Описание
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
Затронутые продукты
Ссылки
- CVE-2019-13114
- SUSE Bug 1142684