Detections
Analytics
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : exiv2-0_26 (SUSE-SU-2022:4208-1)
critical Nessus Plugin ID 168169
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4208-1 advisory.- CVE-2019-17402: Fixed improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp (bsc#1153577).
- CVE-2018-20098: Fixed a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header (bsc#1119560).
- CVE-2018-17581: Fixed an excessive stack consumption CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282).
- CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header (bsc#1119559).
- CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562).
- CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType (bsc#1050257).
- CVE-2018-11531: Fixed a heap-based buffer overflow in getData in preview.cpp (bsc#1095070).
- CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337).
- CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231).
- CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata (bsc#1142677).
- CVE-2019-13110: Fixed an integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denail of service (bsc#1142678).
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected libexiv2-26 and / or libexiv2-26-32bit packages.See Also
https://bugzilla.suse.com/1050257
https://bugzilla.suse.com/1095070
https://bugzilla.suse.com/1110282
https://bugzilla.suse.com/1119559
https://bugzilla.suse.com/1119560
https://bugzilla.suse.com/1119562
https://bugzilla.suse.com/1142677
https://bugzilla.suse.com/1142678
https://bugzilla.suse.com/1153577
https://bugzilla.suse.com/1186231
https://bugzilla.suse.com/1189337
https://www.suse.com/security/cve/CVE-2017-11591
https://www.suse.com/security/cve/CVE-2018-11531
https://www.suse.com/security/cve/CVE-2018-17581
https://www.suse.com/security/cve/CVE-2018-20097
https://www.suse.com/security/cve/CVE-2018-20098
https://www.suse.com/security/cve/CVE-2018-20099
https://www.suse.com/security/cve/CVE-2019-13109
https://www.suse.com/security/cve/CVE-2019-13110
https://www.suse.com/security/cve/CVE-2019-17402
https://www.suse.com/security/cve/CVE-2021-29473
Plugin Details
Severity: Critical
ID: 168169
File Name: suse_SU-2022-4208-1.nasl
Version: 1.7
Type: Local
Agent: unix
Family: SuSE Local Security Checks
Published: 11/24/2022
Updated: 6/25/2026
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, tenable_cloud_security, tenable_self_hosted_container_security, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2018-11531
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:libexiv2-26
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/23/2022
Vulnerability Publication Date: 7/24/2017
Reference Information
CVE: CVE-2017-11591, CVE-2018-11531, CVE-2018-17581, CVE-2018-20097, CVE-2018-20098, CVE-2018-20099, CVE-2019-13109, CVE-2019-13110, CVE-2019-17402, CVE-2021-29473, CVE-2021-32815
SuSE: SUSE-SU-2022:4208-1