
Test ID: 1.3.6.1.4.1.25623.1.1.4.2020.0921.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:0921-1)
Summary: The remote host is missing an update for the 'exiv2' package(s) announced via the SUSE-SU-2020:0921-1 advisory.
Description:

Vulnerability Insight:
This update for exiv2 fixes the following issues:

exiv2 was updated to latest 0.26 branch, fixing bugs and security issues:

CVE-2017-1000126: Fixed an out of bounds read in webp parser
(bsc#1068873).

CVE-2017-9239: Fixed a segmentation fault in
TiffImageEntry::doWriteImage function (bsc#1040973).

CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which
might have led to an out-of-bounds read (bsc#1097600).

CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could
have led to memory corruption (bsc#1097599).

CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via
a crafted image (bsc#1109175).

CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via
a crafted image (bsc#1109176).

CVE-2018-17282: Fixed a null pointer dereference in
Exiv2::DataValue::copy (bsc#1109299).

CVE-2018-19108: Fixed an integer overflow in
Exiv2::PsdImage::readMetadata which could have led to an infinite loop
(bsc#1115364).

CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed
which might have led to denial of service (bsc#1117513).

CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure
which might have led to information leak or denial of service
(bsc#1088424).

CVE-2019-13114: Fixed a null pointer dereference which might have led to
denial of service via a crafted response from a malicious HTTP server
(bsc#1142684).

Affected Software/OS:
'exiv2' package(s) on SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Desktop Applications 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-9239
BugTraq ID: 98720
http://www.securityfocus.com/bid/98720
http://dev.exiv2.org/issues/1295
https://github.com/lolo-pop/poc/tree/master/Segmentation%20fault%20in%20convert-test(exiv2)
SuSE Security Announcement: openSUSE-SU-2020:0482
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
https://usn.ubuntu.com/3852-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-9305
https://security.gentoo.org/glsa/201811-14
https://github.com/Exiv2/exiv2/issues/263
https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md
RedHat Security Advisories: RHSA-2019:2101
https://access.redhat.com/errata/RHSA-2019:2101
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.