Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE Linux: 2022:4252-1 Important Exiv2 Denial Of Service Issues

suse
Calendar Grey November 28, 2022
Dist Suse Esm H88
A crucial patch has been issued for exiv2 addressing several vulnerabilities classified as significant by SUSE.
An update that fixes 8 vulnerabilities is now available

Summary

This update for exiv2 fixes the following issues: - CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. (bsc#1142681) - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read(). (bsc#1189332) - CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter. (bsc#1189338) - CVE-2021-31291: Fixed a heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata (bsc#1188733). - CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). - CVE-2021-29457: Fixed a heap buffer overflow when write metadata into a

Topics%20covered

Topics Covered

security advisory denial of service important SUSE Linux exiv2

References

#1119562 #1142681 #1185002 #1186231 #1188733

#1189332 #1189337 #1189338

Cross- CVE-2018-20097 CVE-2019-13112 CVE-2021-29457

CVE-2021-29473 CVE-2021-31291 CVE-2021-32815

CVE-2021-34334 CVE-2021-37620

CVSS scores:

CVE-2018-20097 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-20097 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2019-13112 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2019-13112 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2021-29457 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-29457 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-29473 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:4252-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service important SUSE Linux exiv2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here