Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Important Exiv2 Denial of Service Fix for SUSE Linux Enterprise 15-SP4

suse
Calendar Grey November 23, 2022
Dist Suse Esm H88
SUSE announces critical patch for exiv2-0_26 tackling numerous security flaws. Ensure your system is safe and up-to-date.
An update that fixes 11 vulnerabilities is now available

Summary

This update for exiv2-0_26 fixes the following issues: - CVE-2019-17402: Fixed improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp (bsc#1153577). - CVE-2018-20098: Fixed a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header (bsc#1119560). - CVE-2018-17581: Fixed an excessive stack consumption CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282). - CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header (bsc#1119559). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). - CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType (bsc#1050257). - CVE-2018-11531: Fixed a heap-based buffer overflow in getData in

Topics%20covered

Topics Covered

security advisory denial of service update patch important suse exiv2

References

#1050257 #1095070 #1110282 #1119559 #1119560

#1119562 #1142677 #1142678 #1153577 #1186231

#1189337

Cross- CVE-2017-11591 CVE-2018-11531 CVE-2018-17581

CVE-2018-20097 CVE-2018-20098 CVE-2018-20099

CVE-2019-13109 CVE-2019-13110 CVE-2019-17402

CVE-2021-29473 CVE-2021-32815

CVSS scores:

CVE-2017-11591 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2017-11591 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-11531 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-11531 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVE-2018-17581 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-17581 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:4208-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service update patch important suse exiv2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here