The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2101 advisory.

  - exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp (CVE-2017-17724)

  - exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp     (CVE-2018-4868)

  - exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp (CVE-2018-8976)

  - exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp     (CVE-2018-8977)

  - exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)

  - exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)

  - exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress()     (CVE-2018-10958)

  - exiv2: SIGABRT by triggering an incorrect Safe::add call (CVE-2018-10998)

  - exiv2: heap-based buffer over-read in parseTXTChunk function (CVE-2018-10999)

  - exiv2: information leak via a crafted file (CVE-2018-11037)

  - exiv2: integer overflow in getData function in preview.cpp (CVE-2018-12264)

  - exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265)

  - exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp (CVE-2018-14046)

  - exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash     (CVE-2018-17282)

  - exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service     (CVE-2018-17581)

  - exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)

  - exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)

  - exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)

  - exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)

  - exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)

  - exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service     (CVE-2018-20096)

  - exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function     (CVE-2018-20097)

  - exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service     (CVE-2018-20098)

  - exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)

  - exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of     service (CVE-2019-9143)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : exiv2 (RHSA-2019:2101)

high Nessus Plugin ID 127672

Version 1.7