Synopsis: Low: exiv2 security, bug fix, and enhancement update
Advisory ID:       SLSA-2019:2101-1
Issue Date:        2019-08-06
CVE Numbers:       CVE-2018-12264
                   CVE-2018-17282
                   CVE-2018-20098
                   CVE-2018-20096
                   CVE-2018-19108
                   CVE-2018-17581
                   CVE-2018-19535
                   CVE-2018-14046
                   CVE-2018-11037
                   CVE-2018-9305
                   CVE-2017-17724
                   CVE-2018-10772
                   CVE-2018-19607
                   CVE-2018-8976
                   CVE-2018-8977
                   CVE-2018-12265
                   CVE-2018-20097
                   CVE-2018-20099
                   CVE-2018-18915
                   CVE-2018-10958
                   CVE-2018-19107
                   CVE-2018-10998
--

The following packages have been upgraded to a later upstream version:
exiv2 (0.27.0).

Security Fix(es):

* exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in
src/iptc.cpp (CVE-2017-17724)

* exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp
(CVE-2018-8976)

* exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF
function in canonmn_int.cpp (CVE-2018-8977)

* exiv2: out of bounds read in IptcData::printStructure in iptc.c
(CVE-2018-9305)

* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via
crafted file (CVE-2018-10772)

* exiv2: SIGABRT caused by memory allocation in
types.cpp:Exiv2::Internal::PngChunk::zlibUncompress() (CVE-2018-10958)

* exiv2: SIGABRT by triggering an incorrect Safe::add call
(CVE-2018-10998)

* exiv2: information leak via a crafted file (CVE-2018-11037)

* exiv2: integer overflow in getData function in preview.cpp
(CVE-2018-12264)

* exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp
(CVE-2018-12265)

* exiv2: heap-based buffer over-read in WebPImage::decodeChunks in
webpimage.cpp (CVE-2018-14046)

* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp
leading to application crash (CVE-2018-17282)

* exiv2: Stack overflow in CiffDirectory::readDirectory() at
crwimage_int.cpp leading to denial of service (CVE-2018-17581)

* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in
image.cpp (CVE-2018-18915)

* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in
iptc.cpp (CVE-2018-19107)

* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp
(CVE-2018-19108)

* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in
pngchunk_int.cpp (CVE-2018-19535)

* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp
(CVE-2018-19607)

* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function
resulting in a denial of service (CVE-2018-20096)

* exiv2: Segmentation fault in
Exiv2::Internal::TiffParserWorker::findPrimaryGroups function
(CVE-2018-20097)

* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header
resulting in a denial of service (CVE-2018-20098)

* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a
denial of service (CVE-2018-20099)
--

SL7
  x86_64
    exiv2-libs-0.27.0-2.el7_6.x86_64.rpm
    exiv2-0.27.0-2.el7_6.x86_64.rpm
    exiv2-libs-0.27.0-2.el7_6.i686.rpm
    exiv2-devel-0.27.0-2.el7_6.x86_64.rpm
    exiv2-devel-0.27.0-2.el7_6.i686.rpm
    exiv2-doc-0.27.0-2.el7_6.noarch.rpm
    exiv2-debuginfo-0.27.0-2.el7_6.i686.rpm
    exiv2-debuginfo-0.27.0-2.el7_6.x86_64.rpm
  noarch
    exiv2-doc-0.27.0-2.el7_6.noarch.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2019-2101-1 Low: exiv2 on SL7.x x86_64

exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp (CVE-2017-17724) * exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp (CVE-2018-897...

Summary

Low: exiv2 security, bug fix, and enhancement update



Security Fixes

* exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp (CVE-2017-17724)
* exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp (CVE-2018-8976)
* exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (CVE-2018-8977)
* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)
* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)
* exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress() (CVE-2018-10958)
* exiv2: SIGABRT by triggering an incorrect Safe::add call (CVE-2018-10998)
* exiv2: information leak via a crafted file (CVE-2018-11037)
* exiv2: integer overflow in getData function in preview.cpp (CVE-2018-12264)
* exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265)
* exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp (CVE-2018-14046)
* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)
* exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)
* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)
* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)
* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)
* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)
* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)
* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)
* exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)
* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)
* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)
SL7 x86_64 exiv2-libs-0.27.0-2.el7_6.x86_64.rpm exiv2-0.27.0-2.el7_6.x86_64.rpm exiv2-libs-0.27.0-2.el7_6.i686.rpm exiv2-devel-0.27.0-2.el7_6.x86_64.rpm exiv2-devel-0.27.0-2.el7_6.i686.rpm exiv2-doc-0.27.0-2.el7_6.noarch.rpm exiv2-debuginfo-0.27.0-2.el7_6.i686.rpm exiv2-debuginfo-0.27.0-2.el7_6.x86_64.rpm noarch exiv2-doc-0.27.0-2.el7_6.noarch.rpm
- Scientific Linux Development Team

Severity
Advisory ID: SLSA-2019:2101-1
Issued Date: : 2019-08-06
CVE Numbers: CVE-2018-12264
CVE-2018-17282
CVE-2018-20098

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved