Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat Enterprise Linux 7: RHSA-2019-2101-01 Low: Exiv2 Security Issues

red hat
Calendar Grey August 6, 2019
Dist Redhat Esm H88
The Blue Fedora announcement presents a minor yet crucial patch for libjpeg-turbo, resolving several vulnerabilities, thereby improving resilience and functionality.
An update for exiv2 is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments.
The following packages have been upgraded to a later upstream version: exiv2 (0.27.0). (BZ#1652637)
Security Fix(es):
* exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp (CVE-2017-17724)
* exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp (CVE-2018-8976)
* exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (CVE-2018-8977)
* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)
* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)
* exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress() (CVE-2018-10958)
* exiv2: SIGABRT by triggering an incorrect Safe::add call (CVE-2018-10998)
* exiv2: information leak via a crafted file (CVE-2018-11037)
* exiv2: integer overflow in getData function in preview.cpp (CVE-2018-12264)
* exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265)
* exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp (CVE-2018-14046)
* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)
* exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)
* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)
* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)
* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)
* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)
* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)
* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)
* exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)
* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)
* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory denial of service bug fix Red Hat Enterprise Linux heap overflow low severity exiv2

References

https://access.redhat.com/security/cve/CVE-2017-17724 https://access.redhat.com/security/cve/CVE-2018-8976 https://access.redhat.com/security/cve/CVE-2018-8977 https://access.redhat.com/security/cve/CVE-2018-9305 https://access.redhat.com/security/cve/CVE-2018-10772 https://access.redhat.com/security/cve/CVE-2018-10958 https://access.redhat.com/security/cve/CVE-2018-10998 https://access.redhat.com/security/cve/CVE-2018-11037 https://access.redhat.com/security/cve/CVE-2018-12264 https://access.redhat.com/security/cve/CVE-2018-12265 https://access.redhat.com/security/cve/CVE-2018-14046 https://access.redhat.com/security/cve/CVE-2018-17282 https://access.redhat.com/security/cve/CVE-2018-17581 https://access.redhat.com/security/cve/CVE-2018-18915 https://access.redhat.com/security/cve/CVE-2018-19107 https://access.redhat.com/security/cve/CVE-2018-19108 https://access.redhat.com/security/cve/CVE-2018-19535 https://access.redhat.com/security/cve/CVE-2018-19607 https://access.redhat.com/security/cve/CVE-2018-20096 https://access.redhat.com/security/cve/CVE-2018-20097 https://access.redhat.com/security/cve/CVE-2018-20098 https://access.redhat.com/security/cve/CVE-2018-20099 https://access.redhat.com/security/updates/classification#low Read the Full Advisory

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: exiv2-0.27.0-2.el7_6.src.rpm
x86_64: exiv2-0.27.0-2.el7_6.x86_64.rpm exiv2-debuginfo-0.27.0-2.el7_6.i686.rpm exiv2-debuginfo-0.27.0-2.el7_6.x86_64.rpm exiv2-libs-0.27.0-2.el7_6.i686.rpm exiv2-libs-0.27.0-2.el7_6.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: exiv2-doc-0.27.0-2.el7_6.noarch.rpm
x86_64: exiv2-debuginfo-0.27.0-2.el7_6.i686.rpm exiv2-debuginfo-0.27.0-2.el7_6.x86_64.rpm exiv2-devel-0.27.0-2.el7_6.i686.rpm exiv2-devel-0.27.0-2.el7_6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: exiv2-0.27.0-2.el7_6.src.rpm
x86_64: exiv2-0.27.0-2.el7_6.x86_64.rpm exiv2-debuginfo-0.27.0-2.el7_6.i686.rpm exiv2-debuginfo-0.27.0-2.el7_6.x86_64.rpm exiv2-libs-0.27.0-2.el7_6.i686.rpm exiv2-libs-0.27.0-2.el7_6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: exiv2-doc-0.27.0-2.el7_6.noarch.rpm
x86_64: exiv2-debuginfo-0.27.0-2.el7_6.i686.rpm exiv2-debuginfo-0.27.0-2.el7_6.x86_64.rpm exiv2-devel-0.27.0-2.el7_6.i686.rpm exiv2-devel-0.27.0-2.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: exiv2-0.27.0-2.el7_6.src.rpm
ppc64: exiv2-0.27.0-2.el7_6.ppc64.rpm exiv2-debuginfo-0.27.0-2.el7_6.ppc.rpm exiv2-debuginfo-0.27.0-2.el7_6.ppc64.rpm exiv2-libs-0.27.0-2.el7_6.ppc.rpm

Read the Full Advisory


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2019:2101-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2101
Issue date: 2019-08-06

Topic

An update for exiv2 is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory denial of service bug fix Red Hat Enterprise Linux heap overflow low severity exiv2

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

Bugs Fixed

1465061 - There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault at exiv2. A crafted input will lead to remote denial of service attack.

1470729 - There is a heap overflow in the software exiv2.

1470737 - There is an invalid free in Action::TaskFactory::cleanup funtion of actions.cpp in exiv2. A crafted input will lead to remote denial of service attack.

1470913 - There is an infinite loop in Exiv2::Image::printIFDStructure funtion of image.cpp in exiv2. A crafted input will lead to remote denial of service attack.

1470946 - There is a heap-buffer-overflow in image.cpp of exiv2.

1470950 - There is a Segmentation fault in the software exiv2 while the function Exiv2::XmpParser::terminate() is finished.

1471772 - There is an illegal address access in basicio.cpp of exiv2.

1473888 - There is a Floating point exception in Exiv2::ValueType of exiv2.

1473889 - There is alloc-dealloc-mismatch in Exiv2::FileIo::seek of exiv2.

1475123 - There is an assertion aborted in tiffvisitor.cpp of exiv2/libexiv2.

1475124 - There is an assertion aborted in tiffvisitor.cpp of exiv2/libexiv2.

1482295 - There is a heap-buffer-overflow in basicio.cpp of exiv2.

1482296 - There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() of exiv2

1482423 - There is a heap-buffer-overflow in the software exiv2 which is triggered in Exiv2::Image::io function.

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here