Test ID: 1.3.6.1.4.1.25623.1.1.4.2018.1882.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:1882-1)
Summary: The remote host is missing an update for the 'exiv2' package(s) announced via the SUSE-SU-2018:1882-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'exiv2' package(s) announced via the SUSE-SU-2018:1882-1 advisory.

Vulnerability Insight:
This update for exiv2 to 0.26 fixes the following security issues:
- CVE-2017-14864: Prevent invalid memory address dereference in
Exiv2::getULong that could have caused a segmentation fault and
application crash, which leads to denial of service (bsc#1060995).
- CVE-2017-14862: Prevent invalid memory address dereference in
Exiv2::DataValue::read that could have caused a segmentation fault and
application crash, which leads to denial of service (bsc#1060996).
- CVE-2017-14859: Prevent invalid memory address dereference in
Exiv2::StringValueBase::read that could have caused a segmentation fault
and application crash, which leads to denial of service (bsc#1061000).
- CVE-2017-14860: Prevent heap-based buffer over-read in the
Exiv2::Jp2Image::readMetadata function via a crafted input that could
have led to a denial of service attack (bsc#1061023).
- CVE-2017-11337: Prevent invalid free in the Action::TaskFactory::cleanup
function via a crafted input that could have led to a remote denial of
service attack (bsc#1048883).
- CVE-2017-11338: Prevent infinite loop in the
Exiv2::Image::printIFDStructure function via a crafted input that could
have led to a remote denial of service attack (bsc#1048883).
- CVE-2017-11339: Prevent heap-based buffer overflow in the
Image::printIFDStructure function via a crafted input that could have
led to a remote denial of service attack (bsc#1048883).
- CVE-2017-11340: Prevent segmentation fault in the XmpParser::terminate()
function via a crafted input that could have led to a remote denial of
service attack (bsc#1048883).
- CVE-2017-12955: Prevent heap-based buffer overflow. The vulnerability
caused an out-of-bounds write in Exiv2::Image::printIFDStructure(),
which may lead to remote denial of service or possibly unspecified other
impact (bsc#1054593).
- CVE-2017-12956: Prevent illegal address access in
Exiv2::FileIo::path[abi:cxx11]() that could have led to remote denial
of service (bsc#1054592).
- CVE-2017-12957: Prevent heap-based buffer over-read that was triggered
in the Exiv2::Image::io function and could have led to remote denial of
service (bsc#1054590).
- CVE-2017-11683: Prevent reachable assertion in the
Internal::TiffReader::visitDirectory function that could have led to a
remote denial of service attack via crafted input (bsc#1051188).
- CVE-2017-11591: Prevent floating point exception in the Exiv2::ValueType
function that could have led to a remote denial of service attack via
crafted input (bsc#1050257).
- CVE-2017-11553: Prevent illegal address access in the extend_alias_table
function via a crafted input that could have led to remote denial of service.
- CVE-2017-11592: Prevent mismatched Memory Management Routines
vulnerability in the Exiv2::FileIo::seek function that could have led
to a remote denial of service attack (heap memory corruption) via
crafted input.

Affected Software/OS:
'exiv2' package(s) on SUSE Linux Enterprise Module for Desktop Applications 15

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-11337
Common Vulnerability Exposure (CVE) ID: CVE-2017-11338
Common Vulnerability Exposure (CVE) ID: CVE-2017-11339
Common Vulnerability Exposure (CVE) ID: CVE-2017-11340
Common Vulnerability Exposure (CVE) ID: CVE-2017-11553
Common Vulnerability Exposure (CVE) ID: CVE-2017-11591
Common Vulnerability Exposure (CVE) ID: CVE-2017-11592
Common Vulnerability Exposure (CVE) ID: CVE-2017-11683
Common Vulnerability Exposure (CVE) ID: CVE-2017-12955
Common Vulnerability Exposure (CVE) ID: CVE-2017-12956
Common Vulnerability Exposure (CVE) ID: CVE-2017-12957
Common Vulnerability Exposure (CVE) ID: CVE-2017-14859
Common Vulnerability Exposure (CVE) ID: CVE-2017-14860
Common Vulnerability Exposure (CVE) ID: CVE-2017-14862
Common Vulnerability Exposure (CVE) ID: CVE-2017-14864
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
