security advisorydenial of servicedebian
This update fixes a number of memory access violations and other input validation failures that can be triggered by passing specially crafted files to exiv2. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3265-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Helmut Grohne January 10, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : exiv2 Version : 0.25-4+deb10u4 CVE ID : CVE-2017-11591 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2017-18005 CVE-2018-8976 CVE-2018-17581 CVE-2018-19107 CVE-2018-19108 CVE-2018-19535 CVE-2018-20097 CVE-2019-13110 CVE-2019-13112 CVE-2019-13114 CVE-2019-13504 CVE-2019-14369 CVE-2019-14370 CVE-2019-17402 CVE-2020-18771 CVE-2021-29458 CVE-2021-32815 CVE-2021-34334 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622 Debian Bug : 876893 885981 886006 903813 910060 913272 913273 915135 932467 946341 987277 992705 992706 This update fixes a number of memory access violations and other input validation failures that can be triggered by passing specially crafted files to exiv2. CVE-2017-11591 There is a Floating point exception in the Exiv2::ValueType function that will lead to a remote denial of service attack via crafted input. CVE-2017-14859 An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2017-14862 An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2017-14864 An Invalid memory addressdereference was discovered in Exiv2::getULong in types.cpp. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2017-17669 There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file will lead to a remote denial of service attack. CVE-2017-18005 Exiv2 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. CVE-2018-8976 jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. CVE-2018-17581 CiffDirectory::readDirectory() at crwimage_int.cpp has excessive stack consumption due to a recursive function, leading to Denial of service. CVE-2018-19107 Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. CVE-2018-19108 Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. CVE-2018-19535 PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. CVE-2018-20097 There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp. A crafted input will lead to a remote denial of service attack. CVE-2019-13110 A CiffDirectory::readDirectory integer overflow and out-of-bounds read allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. CVE-2019-13112 A PngChunk::parseChunkContent uncontrolled memory allocation allows an attacker to cause a denial of service (crash due toan std::bad_alloc exception) via a crafted PNG image file. CVE-2019-13114 http.c allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. CVE-2019-13504 There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp. CVE-2019-14369 Exiv2::PngImage::readMetadata() in pngimage.cpp allows attackers to cause a denial of service (heap-based buffer over- read) via a crafted image file. CVE-2019-14370 There is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. CVE-2019-17402 Exiv2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. CVE-2020-18771 Exiv2 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. CVE-2021-29458 An out-of-bounds read was found in Exiv2. The out-of- bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. CVE-2021-32815 The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. CVE-2021-34334 An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. CVE-2021-37620 An out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. CVE-2021-37621 An infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). CVE-2021-37622 An infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). For Debian 10 buster, these problems have been fixed in version 0.25-4+deb10u4. We recommend that you upgrade your exiv2 packages. For the detailed security status of exiv2 please referto its security tracker page at: https://security-tracker.debian.org/tracker/source-package/exiv2 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The latest release of exiv2 resolves various memory safety concerns and improves input verification measures, significantly bolstering the overall security framework.. Exiv2 Security Update, Debian LTS, Memory Access Issues, Denial Of Service. . LinuxSecurity.com Team
Jan 10, 2023
Debian LTS
Refine advisories
