Bug 47301 - exiv2: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P3 normal
: UCS 4.3-1-errata
Assigned To: Quality Assurance
Philipp Hahn
Reported: 2018-07-04 13:03 CEST by Philipp Hahn
Modified: 2018-07-04 14:54 CEST
What kind of report is it?: Security Issue
Max CVSS v3 score: 3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Description Philipp Hahn univentionstaff 2018-07-04 13:03:26 CEST
New Debian exiv2 0.25-3.1+deb9u1 fixes:
This update addresses the following issue(s):
CVE_2017-11591 is open
CVE_2017-11683 is open
CVE_2017-14859 is open
CVE_2017-14862 is open
CVE_2017-14864 is open
CVE_2017-17669 is open
CVE_2017-17723 is open
CVE_2017-17725 is open
CVE_2017-18005 is open
CVE_2017-1000128 is open
CVE_2018-8976 is open
CVE_2018-9144 is open
CVE_2018-9145 is undetermined
CVE_2018-10780 is undetermined
* In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (CVE-2018-10958)
* An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (CVE-2018-10998)
* An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. (CVE-2018-10999)
CVE_2018-11037 is open
* Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. (CVE-2018-11531)
* Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. (CVE-2018-12264)
* Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. (CVE-2018-12265)

0.25-3.1+deb9u1 (Wed, 27 Jun 2018 08:09:36 -0400)
  * Non-maintainer upload by the Security Team.
  * CVE-2018-10958: denial of service through memory exhaustion and
    application crash by a crafted PNG image.
  * CVE-2018-10999: a heap-based buffer over-read via a crafted PNG image.
  * CVE-2018-10998: denial of service through memory exhaustion and
    application crash by a crafted image.
  * CVE-2018-11531: a heap-based buffer overflow and application crash by a
    crafted image.
  * CVE-2018-12264: integer overflow leading to out of bounds read by a
  * CVE-2018-12265: integer overflow leading to out of bounds read by a
* CVE-2018-10958 exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress() (CVE-2018-10958)
* CVE-2018-10998 exiv2: SIGABRT by triggering an incorrect Safe::add call (CVE-2018-10998)
* CVE-2018-10999 exiv2: heap-based buffer over-read in parseTXTChunk function (CVE-2018-10999)
* CVE-2018-11531 exiv2: heap-based buffer overflow in getData in preview.cpp (CVE-2018-11531)
* CVE-2018-12264 exiv2: integer overflow in getData function in preview.cpp (CVE-2018-12264)
* CVE-2018-12265 exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265)
Comment 1 Philipp Hahn univentionstaff 2018-07-04 13:24:14 CEST
[4.3-1] 7dff02174e Bug #47301: exiv2 0.25-3.1+deb9u1
 doc/errata/staging/exiv2.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

<http://10.200.17.11/4.3-1/#4074664823671073560>
Comment 2 Arvid Requate univentionstaff 2018-07-04 14:54:13 CEST
<http://errata.software-univention.de/ucs/4.3/128.html>