Synopsis
Moderate: exiv2 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for exiv2, gegl, gnome-color-manager, and libgexiv2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments.
The following packages have been upgraded to a later upstream version: exiv2 (0.27.2). (BZ#1651917)
Security Fix(es):
- exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421)
- exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005)
- exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868)
- exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303)
- exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304)
- exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)
- exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)
- exiv2: information leak via a crafted file (CVE-2018-11037)
- exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338)
- exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229)
- exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230)
- exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)
- exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)
- exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)
- exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)
- exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)
- exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)
- exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)
- exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)
- exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)
- exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)
- exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)
- exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143)
- exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109)
- exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111)
- exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112)
- exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113)
- exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114)
- exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9306)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
-
Red Hat Enterprise Linux for x86_64 8 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 8 s390x
-
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
-
Red Hat Enterprise Linux for ARM 64 8 aarch64
-
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
-
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
-
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
-
Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 1531171 - CVE-2017-18005 exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp
- BZ - 1531724 - CVE-2018-4868 exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp
- BZ - 1566725 - CVE-2018-9303 exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp
- BZ - 1566731 - CVE-2018-9304 exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp
- BZ - 1566735 - CVE-2018-9305 exiv2: out of bounds read in IptcData::printStructure in iptc.c
- BZ - 1566737 - CVE-2018-9306 exiv2: out of bounds read in IptcData::printStructure in iptc.c
- BZ - 1579544 - CVE-2018-11037 exiv2: information leak via a crafted file
- BZ - 1594627 - CVE-2018-10772 exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file
- BZ - 1609396 - CVE-2018-14338 exiv2: buffer overflow in samples/geotag.cpp
- BZ - 1632481 - CVE-2018-17229 exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp
- BZ - 1632484 - CVE-2018-17230 exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp
- BZ - 1632490 - CVE-2018-17282 exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash
- BZ - 1635045 - CVE-2018-17581 exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service
- BZ - 1646555 - CVE-2018-18915 exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp
- BZ - 1649094 - CVE-2018-19107 exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp
- BZ - 1649101 - CVE-2018-19108 exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp
- BZ - 1651917 - Rebase exiv2 to 0.27.2
- BZ - 1656187 - CVE-2018-19535 exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp
- BZ - 1656195 - CVE-2018-19607 exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp
- BZ - 1660423 - CVE-2018-20096 exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service
- BZ - 1660424 - CVE-2018-20097 exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function
- BZ - 1660425 - CVE-2018-20098 exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service
- BZ - 1660426 - CVE-2018-20099 exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service
- BZ - 1684381 - CVE-2019-9143 exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service
- BZ - 1728484 - CVE-2019-13109 exiv2: denial of service in PngImage::readMetadata
- BZ - 1728488 - CVE-2019-13111 exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service
- BZ - 1728490 - CVE-2019-13112 exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service
- BZ - 1728492 - CVE-2019-13113 exiv2: invalid data location in CRW image file causing denial of service
- BZ - 1728494 - CVE-2019-13114 exiv2: null-pointer dereference in http.c causing denial of service
- BZ - 1757444 - Rebuild against exiv2-0.27.2
- BZ - 1757445 - Rebuild against exiv2-0.27.2
- BZ - 1767748 - rebuild gegl against new exiv2
- BZ - 1800472 - CVE-2019-20421 exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS
CVEs
References
Vulmon