RHEL 8 : exiv2 (RHSA-2020:1577)
medium Nessus Plugin ID 143032
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 5.9
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1577 advisory.- exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005)
- exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)
- exiv2: information leak via a crafted file (CVE-2018-11037)
- exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338)
- exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229)
- exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230)
- exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)
- exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)
- exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)
- exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)
- exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)
- exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)
- exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)
- exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)
- exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)
- exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)
- exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)
- exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868)
- exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303)
- exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304)
- exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305, CVE-2018-9306)
- exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109)
- exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111)
- exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112)
- exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113)
- exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114)
- exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421)
- exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://cwe.mitre.org/data/definitions/121.html
https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/125.html
https://cwe.mitre.org/data/definitions/190.html
https://cwe.mitre.org/data/definitions/200.html
https://cwe.mitre.org/data/definitions/369.html
https://cwe.mitre.org/data/definitions/400.html
https://cwe.mitre.org/data/definitions/476.html
https://cwe.mitre.org/data/definitions/617.html
https://cwe.mitre.org/data/definitions/835.html
https://access.redhat.com/security/cve/CVE-2017-18005
https://access.redhat.com/security/cve/CVE-2018-4868
https://access.redhat.com/security/cve/CVE-2018-9303
https://access.redhat.com/security/cve/CVE-2018-9304
https://access.redhat.com/security/cve/CVE-2018-9305
https://access.redhat.com/security/cve/CVE-2018-9306
https://access.redhat.com/security/cve/CVE-2018-10772
https://access.redhat.com/security/cve/CVE-2018-11037
https://access.redhat.com/security/cve/CVE-2018-14338
https://access.redhat.com/security/cve/CVE-2018-17229
https://access.redhat.com/security/cve/CVE-2018-17230
https://access.redhat.com/security/cve/CVE-2018-17282
https://access.redhat.com/security/cve/CVE-2018-17581
https://access.redhat.com/security/cve/CVE-2018-18915
https://access.redhat.com/security/cve/CVE-2018-19107
https://access.redhat.com/security/cve/CVE-2018-19108
https://access.redhat.com/security/cve/CVE-2018-19535
https://access.redhat.com/security/cve/CVE-2018-19607
https://access.redhat.com/security/cve/CVE-2018-20096
https://access.redhat.com/security/cve/CVE-2018-20097
https://access.redhat.com/security/cve/CVE-2018-20098
https://access.redhat.com/security/cve/CVE-2018-20099
https://access.redhat.com/security/cve/CVE-2019-9143
https://access.redhat.com/security/cve/CVE-2019-13109
https://access.redhat.com/security/cve/CVE-2019-13111
https://access.redhat.com/security/cve/CVE-2019-13112
https://access.redhat.com/security/cve/CVE-2019-13113
https://access.redhat.com/security/cve/CVE-2019-13114
https://access.redhat.com/security/cve/CVE-2019-20421
https://access.redhat.com/errata/RHSA-2020:1577
https://bugzilla.redhat.com/1531171
https://bugzilla.redhat.com/1531724
https://bugzilla.redhat.com/1566725
https://bugzilla.redhat.com/1566731
https://bugzilla.redhat.com/1566735
https://bugzilla.redhat.com/1566737
https://bugzilla.redhat.com/1579544
https://bugzilla.redhat.com/1594627
https://bugzilla.redhat.com/1609396
https://bugzilla.redhat.com/1632481
https://bugzilla.redhat.com/1632484
https://bugzilla.redhat.com/1632490
https://bugzilla.redhat.com/1635045
https://bugzilla.redhat.com/1646555
https://bugzilla.redhat.com/1649094
https://bugzilla.redhat.com/1649101
https://bugzilla.redhat.com/1656187
https://bugzilla.redhat.com/1656195
https://bugzilla.redhat.com/1660423
https://bugzilla.redhat.com/1660424
https://bugzilla.redhat.com/1660425
https://bugzilla.redhat.com/1660426
https://bugzilla.redhat.com/1684381
https://bugzilla.redhat.com/1728484
https://bugzilla.redhat.com/1728488
https://bugzilla.redhat.com/1728490
https://bugzilla.redhat.com/1728492
Plugin Details
Severity: Medium
ID: 143032
File Name: redhat-RHSA-2020-1577.nasl
Version: 1.3
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/18/2020
Updated: 11/19/2020
Dependencies: 12634
Risk Information
Risk Factor: Medium
VPR Score: 5.9
CVSS Score Source: CVE-2019-9143
CVSS v2.0
Base Score: 6.8
Temporal Score: 5
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal Vector: E:U/RL:OF/RC:C
CVSS v3.0
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:rhel_aus:8.2, cpe:/o:redhat:rhel_e4s:8.2, cpe:/o:redhat:rhel_eus:8.2, cpe:/o:redhat:rhel_eus:8.4, cpe:/o:redhat:rhel_tus:8.2, cpe:/a:redhat:enterprise_linux:8::appstream, cpe:/a:redhat:enterprise_linux:8::crb, cpe:/a:redhat:rhel_aus:8.2::appstream, cpe:/a:redhat:rhel_aus:8.2::crb, cpe:/a:redhat:rhel_e4s:8.2::appstream, cpe:/a:redhat:rhel_e4s:8.2::crb, cpe:/a:redhat:rhel_eus:8.2::appstream, cpe:/a:redhat:rhel_eus:8.2::crb, cpe:/a:redhat:rhel_eus:8.4::appstream, cpe:/a:redhat:rhel_eus:8.4::crb, cpe:/a:redhat:rhel_tus:8.2::appstream, cpe:/a:redhat:rhel_tus:8.2::crb, p-cpe:/a:redhat:enterprise_linux:exiv2, p-cpe:/a:redhat:enterprise_linux:exiv2-debugsource, p-cpe:/a:redhat:enterprise_linux:exiv2-devel, p-cpe:/a:redhat:enterprise_linux:exiv2-doc, p-cpe:/a:redhat:enterprise_linux:exiv2-libs, p-cpe:/a:redhat:enterprise_linux:gegl, p-cpe:/a:redhat:enterprise_linux:gegl-debugsource, p-cpe:/a:redhat:enterprise_linux:gnome-color-manager, p-cpe:/a:redhat:enterprise_linux:gnome-color-manager-debugsource, p-cpe:/a:redhat:enterprise_linux:libgexiv2, p-cpe:/a:redhat:enterprise_linux:libgexiv2-debugsource, p-cpe:/a:redhat:enterprise_linux:libgexiv2-devel
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 4/28/2020
Vulnerability Publication Date: 12/31/2017
Reference Information
CVE: CVE-2017-18005, CVE-2018-4868, CVE-2018-9303, CVE-2018-9304, CVE-2018-9305, CVE-2018-9306, CVE-2018-10772, CVE-2018-11037, CVE-2018-14338, CVE-2018-17229, CVE-2018-17230, CVE-2018-17282, CVE-2018-17581, CVE-2018-18915, CVE-2018-19107, CVE-2018-19108, CVE-2018-19535, CVE-2018-19607, CVE-2018-20096, CVE-2018-20097, CVE-2018-20098, CVE-2018-20099, CVE-2019-9143, CVE-2019-13109, CVE-2019-13111, CVE-2019-13112, CVE-2019-13113, CVE-2019-13114, CVE-2019-20421