Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

SUSE: 2022:3598-1 Important: Exiv2 DoS and Buffer Overflow Risk

suse
Calendar Grey October 17, 2022
Dist Suse Esm H88
This critical bulletin highlights 12 flaws found in exiv2 for OpenSUSE. Refer to the instructions provided to implement the necessary security fix.
An update that fixes 15 vulnerabilities is now available

Summary

This update for exiv2 fixes the following issues: - CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure (bsc#1189333). - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332). - CVE-2021-37619: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1189331). - CVE-2021-37618: Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure (bsc#1189330). - CVE-2021-32617: Fixed denial of service inside inefficient algorithm (quadratic complexity) (bsc#1186192). - CVE-2021-31292: Fixed integer overflow in CrwMap:encode0x1810 (bsc#1188756). - CVE-2021-31291: Fixed heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service (bsc#1188733). - CVE-2021-29470: Fixed out-of-bounds read in

References

#1076579 #1086798 #1086810 #1092096 #1114690

#1185447 #1186192 #1188733 #1188756 #1189330

#1189331 #1189332 #1189333 #1189636 #1189780

Cross- CVE-2018-10772 CVE-2018-18915 CVE-2018-5772

CVE-2018-8976 CVE-2018-8977 CVE-2020-18898

CVE-2020-18899 CVE-2021-29470 CVE-2021-31291

CVE-2021-31292 CVE-2021-32617 CVE-2021-37618

CVE-2021-37619 CVE-2021-37620 CVE-2021-37621

CVSS scores:

CVE-2018-10772 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-10772 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-18915 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-18915 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-5772 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3598-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.