Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 8: MGASA-2021-0415 Critical: Exiv2 Denial Of Service Issues

mageia
Calendar Grey September 4, 2021
Dist Mageia Esm H88
Mageia has released updated Exiv2 packages addressing security flaws that may lead to denial of service through specially crafted images.
The updated exiv2 packages fix security vulnerabilities: An assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file

Summary

The updated exiv2 packages fix security vulnerabilities:
An assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file (CVE-2021-32815).
An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file (CVE-2021-34334).
A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file (CVE-2021-34335).
A null pointer...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29371

- https://ubuntu.com/security/notices/USN-5043-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE/

- https://www.cve.org/CVERecord?id=CVE-2021-32815

- https://www.cve.org/CVERecord?id=CVE-2021-34334

- https://www.cve.org/CVERecord?id=CVE-2021-34335

- https://www.cve.org/CVERecord?id=CVE-2021-37615

- https://www.cve.org/CVERecord?id=CVE-2021-37616

- https://www.cve.org/CVERecord?id=CVE-2021-37618

- https://www.cve.org/CVERecord?id=CVE-2021-37619

- https://www.cve.org/CVERecord?id=CVE-2021-37620

- https://www.cve.org/CVERecord?id=CVE-2021-37621

- https://www.cve.org/CVERecord?id=CVE-2021-37622

- https://www.cve.org/CVERecord?id=CVE-2021-37623

Topics%20covered

Topics Covered

security advisory denial of service update software issue exiv2 mageia

Resolution

SRPMS

- 8/core/exiv2-0.27.3-1.3.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 04 Sep 2021
URL: https://advisories.mageia.org/MGASA-2021-0415.html
Type: security
CVE: CVE-2021-32815, CVE-2021-34334, CVE-2021-34335, CVE-2021-37615, CVE-2021-37616, CVE-2021-37618, CVE-2021-37619, CVE-2021-37620, CVE-2021-37621, CVE-2021-37622, CVE-2021-37623

Topics%20covered

Topics Covered

security advisory denial of service update software issue exiv2 mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here