
Red Hat Security Advisory 2020-1577-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1577-01 - The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. Issues addressed include buffer overflow, denial of service, integer overflow, null pointer, and out of bounds read vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2017-18005, CVE-2018-10772, CVE-2018-11037, CVE-2018-14338, CVE-2018-17229, CVE-2018-17230, CVE-2018-17282, CVE-2018-17581, CVE-2018-18915, CVE-2018-19107, CVE-2018-19108, CVE-2018-19535, CVE-2018-19607, CVE-2018-20096, CVE-2018-20097, CVE-2018-20098, CVE-2018-20099, CVE-2018-4868, CVE-2018-9303, CVE-2018-9304, CVE-2018-9305, CVE-2018-9306, CVE-2019-13109, CVE-2019-13111, CVE-2019-13112, CVE-2019-13113, CVE-2019-13114
SHA-256 | 6fcb4e765512a1fc4a9efa0f5040844be05727c64e0629c4fcd021ddd955a548

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: exiv2 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:1577-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1577
Issue date: 2020-04-28
CVE Names: CVE-2017-18005 CVE-2018-4868 CVE-2018-9303
           CVE-2018-9304 CVE-2018-9305 CVE-2018-9306
           CVE-2018-10772 CVE-2018-11037 CVE-2018-14338
           CVE-2018-17229 CVE-2018-17230 CVE-2018-17282
           CVE-2018-17581 CVE-2018-18915 CVE-2018-19107
           CVE-2018-19108 CVE-2018-19535 CVE-2018-19607
           CVE-2018-20096 CVE-2018-20097 CVE-2018-20098
           CVE-2018-20099 CVE-2019-9143 CVE-2019-13109
           CVE-2019-13111 CVE-2019-13112 CVE-2019-13113
           CVE-2019-13114 CVE-2019-20421
====================================================================
1. Summary:

An update for exiv2, gegl, gnome-color-manager, and libgexiv2 is now
available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The exiv2 packages provide a command line utility which can display and
manipulate image metadata such as EXIF, IPTC, and JPEG comments.

The following packages have been upgraded to a later upstream version:
exiv2 (0.27.2). (BZ#1651917)

Security Fix(es):

* exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp
could lead to DoS (CVE-2019-20421)

* exiv2: null pointer dereference in the Exiv2::DataValue::toLong function
in value.cpp (CVE-2017-18005)

* exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata
function in jp2image.cpp (CVE-2018-4868)

* exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp
(CVE-2018-9303)

* exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp
(CVE-2018-9304)

* exiv2: out of bounds read in IptcData::printStructure in iptc.c
(CVE-2018-9305)

* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via
crafted file (CVE-2018-10772)

* exiv2: information leak via a crafted file (CVE-2018-11037)

* exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338)

* exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp
(CVE-2018-17229)

* exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp
(CVE-2018-17230)

* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp
leading to application crash (CVE-2018-17282)

* exiv2: Stack overflow in CiffDirectory::readDirectory() at
crwimage_int.cpp leading to denial of service (CVE-2018-17581)

* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in
image.cpp (CVE-2018-18915)

* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in
iptc.cpp (CVE-2018-19107)

* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp
(CVE-2018-19108)

* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in
pngchunk_int.cpp (CVE-2018-19535)

* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp
(CVE-2018-19607)

* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function
resulting in a denial of service (CVE-2018-20096)

* exiv2: Segmentation fault in
Exiv2::Internal::TiffParserWorker::findPrimaryGroups function
(CVE-2018-20097)

* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header
resulting in a denial of service (CVE-2018-20098)

* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a
denial of service (CVE-2018-20099)

* exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file
image.cpp resulting in denial of service (CVE-2019-9143)

* exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109)

* exiv2: integer overflow in WebPImage::decodeChunks leads to denial of
service (CVE-2019-13111)

* exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent
causing denial of service (CVE-2019-13112)

* exiv2: invalid data location in CRW image file causing denial of service
(CVE-2019-13113)

* exiv2: null-pointer dereference in http.c causing denial of service
(CVE-2019-13114)

* exiv2: out of bounds read in IptcData::printStructure in iptc.c
(CVE-2018-9306)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1531171 - CVE-2017-18005 exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp
1531724 - CVE-2018-4868 exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp
1566725 - CVE-2018-9303 exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp
1566731 - CVE-2018-9304 exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp
1566735 - CVE-2018-9305 exiv2: out of bounds read in IptcData::printStructure in iptc.c
1566737 - CVE-2018-9306 exiv2: out of bounds read in IptcData::printStructure in iptc.c
1579544 - CVE-2018-11037 exiv2: information leak via a crafted file
1594627 - CVE-2018-10772 exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file
1609396 - CVE-2018-14338 exiv2: buffer overflow in samples/geotag.cpp
1632481 - CVE-2018-17229 exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp
1632484 - CVE-2018-17230 exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp
1632490 - CVE-2018-17282 exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash
1635045 - CVE-2018-17581 exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service
1646555 - CVE-2018-18915 exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp
1649094 - CVE-2018-19107 exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp
1649101 - CVE-2018-19108 exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp
1651917 - Rebase exiv2 to 0.27.2
1656187 - CVE-2018-19535 exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp
1656195 - CVE-2018-19607 exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp
1660423 - CVE-2018-20096 exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service
1660424 - CVE-2018-20097 exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function
1660425 - CVE-2018-20098 exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service
1660426 - CVE-2018-20099 exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service
1684381 - CVE-2019-9143 exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service
1728484 - CVE-2019-13109 exiv2: denial of service in PngImage::readMetadata
1728488 - CVE-2019-13111 exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service
1728490 - CVE-2019-13112 exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service
1728492 - CVE-2019-13113 exiv2: invalid data location in CRW image file causing denial of service
1728494 - CVE-2019-13114 exiv2: null-pointer dereference in http.c causing denial of service
1757444 - Rebuild against exiv2-0.27.2
1757445 - Rebuild against exiv2-0.27.2
1767748 - rebuild gegl against new exiv2
1800472 - CVE-2019-20421 exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
exiv2-0.27.2-5.el8.src.rpm
gegl-0.2.0-39.el8.src.rpm
gnome-color-manager-3.28.0-3.el8.src.rpm
libgexiv2-0.10.8-4.el8.src.rpm

aarch64:
exiv2-0.27.2-5.el8.aarch64.rpm
exiv2-debuginfo-0.27.2-5.el8.aarch64.rpm
exiv2-debugsource-0.27.2-5.el8.aarch64.rpm
exiv2-libs-0.27.2-5.el8.aarch64.rpm
exiv2-libs-debuginfo-0.27.2-5.el8.aarch64.rpm
gegl-0.2.0-39.el8.aarch64.rpm
gegl-debuginfo-0.2.0-39.el8.aarch64.rpm
gegl-debugsource-0.2.0-39.el8.aarch64.rpm
libgexiv2-0.10.8-4.el8.aarch64.rpm
libgexiv2-debuginfo-0.10.8-4.el8.aarch64.rpm
libgexiv2-debugsource-0.10.8-4.el8.aarch64.rpm

ppc64le:
exiv2-0.27.2-5.el8.ppc64le.rpm
exiv2-debuginfo-0.27.2-5.el8.ppc64le.rpm
exiv2-debugsource-0.27.2-5.el8.ppc64le.rpm
exiv2-libs-0.27.2-5.el8.ppc64le.rpm
exiv2-libs-debuginfo-0.27.2-5.el8.ppc64le.rpm
gegl-0.2.0-39.el8.ppc64le.rpm
gegl-debuginfo-0.2.0-39.el8.ppc64le.rpm
gegl-debugsource-0.2.0-39.el8.ppc64le.rpm
gnome-color-manager-3.28.0-3.el8.ppc64le.rpm
gnome-color-manager-debuginfo-3.28.0-3.el8.ppc64le.rpm
gnome-color-manager-debugsource-3.28.0-3.el8.ppc64le.rpm
libgexiv2-0.10.8-4.el8.ppc64le.rpm
libgexiv2-debuginfo-0.10.8-4.el8.ppc64le.rpm
libgexiv2-debugsource-0.10.8-4.el8.ppc64le.rpm

s390x:
gegl-0.2.0-39.el8.s390x.rpm
gegl-debuginfo-0.2.0-39.el8.s390x.rpm
gegl-debugsource-0.2.0-39.el8.s390x.rpm

x86_64:
exiv2-0.27.2-5.el8.x86_64.rpm
exiv2-debuginfo-0.27.2-5.el8.i686.rpm
exiv2-debuginfo-0.27.2-5.el8.x86_64.rpm
exiv2-debugsource-0.27.2-5.el8.i686.rpm
exiv2-debugsource-0.27.2-5.el8.x86_64.rpm
exiv2-libs-0.27.2-5.el8.i686.rpm
exiv2-libs-0.27.2-5.el8.x86_64.rpm
exiv2-libs-debuginfo-0.27.2-5.el8.i686.rpm
exiv2-libs-debuginfo-0.27.2-5.el8.x86_64.rpm
gegl-0.2.0-39.el8.i686.rpm
gegl-0.2.0-39.el8.x86_64.rpm
gegl-debuginfo-0.2.0-39.el8.i686.rpm
gegl-debuginfo-0.2.0-39.el8.x86_64.rpm
gegl-debugsource-0.2.0-39.el8.i686.rpm
gegl-debugsource-0.2.0-39.el8.x86_64.rpm
gnome-color-manager-3.28.0-3.el8.x86_64.rpm
gnome-color-manager-debuginfo-3.28.0-3.el8.x86_64.rpm
gnome-color-manager-debugsource-3.28.0-3.el8.x86_64.rpm
libgexiv2-0.10.8-4.el8.i686.rpm
libgexiv2-0.10.8-4.el8.x86_64.rpm
libgexiv2-debuginfo-0.10.8-4.el8.i686.rpm
libgexiv2-debuginfo-0.10.8-4.el8.x86_64.rpm
libgexiv2-debugsource-0.10.8-4.el8.i686.rpm
libgexiv2-debugsource-0.10.8-4.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

Source:
exiv2-0.27.2-5.el8.src.rpm
libgexiv2-0.10.8-4.el8.src.rpm

aarch64:
exiv2-debuginfo-0.27.2-5.el8.aarch64.rpm
exiv2-debugsource-0.27.2-5.el8.aarch64.rpm
exiv2-devel-0.27.2-5.el8.aarch64.rpm
exiv2-libs-debuginfo-0.27.2-5.el8.aarch64.rpm
libgexiv2-debuginfo-0.10.8-4.el8.aarch64.rpm
libgexiv2-debugsource-0.10.8-4.el8.aarch64.rpm
libgexiv2-devel-0.10.8-4.el8.aarch64.rpm

noarch:
exiv2-doc-0.27.2-5.el8.noarch.rpm

ppc64le:
exiv2-debuginfo-0.27.2-5.el8.ppc64le.rpm
exiv2-debugsource-0.27.2-5.el8.ppc64le.rpm
exiv2-devel-0.27.2-5.el8.ppc64le.rpm
exiv2-libs-debuginfo-0.27.2-5.el8.ppc64le.rpm
libgexiv2-debuginfo-0.10.8-4.el8.ppc64le.rpm
libgexiv2-debugsource-0.10.8-4.el8.ppc64le.rpm
libgexiv2-devel-0.10.8-4.el8.ppc64le.rpm

s390x:
exiv2-0.27.2-5.el8.s390x.rpm
exiv2-debuginfo-0.27.2-5.el8.s390x.rpm
exiv2-debugsource-0.27.2-5.el8.s390x.rpm
exiv2-devel-0.27.2-5.el8.s390x.rpm
exiv2-libs-0.27.2-5.el8.s390x.rpm
exiv2-libs-debuginfo-0.27.2-5.el8.s390x.rpm
libgexiv2-0.10.8-4.el8.s390x.rpm
libgexiv2-debuginfo-0.10.8-4.el8.s390x.rpm
libgexiv2-debugsource-0.10.8-4.el8.s390x.rpm
libgexiv2-devel-0.10.8-4.el8.s390x.rpm

x86_64:
exiv2-debuginfo-0.27.2-5.el8.i686.rpm
exiv2-debuginfo-0.27.2-5.el8.x86_64.rpm
exiv2-debugsource-0.27.2-5.el8.i686.rpm
exiv2-debugsource-0.27.2-5.el8.x86_64.rpm
exiv2-devel-0.27.2-5.el8.i686.rpm
exiv2-devel-0.27.2-5.el8.x86_64.rpm
exiv2-libs-debuginfo-0.27.2-5.el8.i686.rpm
exiv2-libs-debuginfo-0.27.2-5.el8.x86_64.rpm
libgexiv2-debuginfo-0.10.8-4.el8.i686.rpm
libgexiv2-debuginfo-0.10.8-4.el8.x86_64.rpm
libgexiv2-debugsource-0.10.8-4.el8.i686.rpm
libgexiv2-debugsource-0.10.8-4.el8.x86_64.rpm
libgexiv2-devel-0.10.8-4.el8.i686.rpm
libgexiv2-devel-0.10.8-4.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
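
To check a host inventory against the fixed builds listed above, the following is an added example (not part of the advisory and not Red Hat tooling). It assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`, assumes none of these packages carries an epoch, and uses a simplified version comparison without tilde or caret handling; the sample inventory is constructed.

```python
import re

# Fixed (version, release) pairs copied from the advisory's package list.
FIXED = {
    "exiv2": ("0.27.2", "5.el8"),
    "exiv2-libs": ("0.27.2", "5.el8"),
    "gegl": ("0.2.0", "39.el8"),
    "gnome-color-manager": ("3.28.0", "3.el8"),
    "libgexiv2": ("0.10.8", "4.el8"),
}

def rpmvercmp(a, b):
    """Simplified RPM-style comparison: returns -1, 0 or 1.
    Strings are split into digit and letter segments, separators ignored."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment is newer than letters
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(rpm_lines):
    """Map each advisory package found in the inventory to 'fixed' or 'needs update'."""
    result = {}
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue
        name, ver, rel = parts
        fixed_ver, fixed_rel = FIXED[name]
        cmp = rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)
        # With multilib installs (i686 + x86_64) one old copy is enough to flag.
        if cmp < 0 or result.get(name) == "needs update":
            result[name] = "needs update"
        else:
            result[name] = "fixed"
    return result

# Constructed sample inventory (not taken from a real host).
SAMPLE = """\
exiv2 0.26 10.el8
exiv2-libs 0.27.2 5.el8
gegl 0.2.0 39.el8_1
libgexiv2 0.10.8 4.el8
bash 4.4.19 10.el8
"""

if __name__ == "__main__":
    for pkg, status in sorted(audit(SAMPLE).items()):
        print(f"{pkg}: {status}")
```

Packages from the advisory that are absent from the inventory are not reported, since an uninstalled package needs no update.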

7. References:

https://access.redhat.com/security/cve/CVE-2017-18005
https://access.redhat.com/security/cve/CVE-2018-4868
https://access.redhat.com/security/cve/CVE-2018-9303
https://access.redhat.com/security/cve/CVE-2018-9304
https://access.redhat.com/security/cve/CVE-2018-9305
https://access.redhat.com/security/cve/CVE-2018-9306
https://access.redhat.com/security/cve/CVE-2018-10772
https://access.redhat.com/security/cve/CVE-2018-11037
https://access.redhat.com/security/cve/CVE-2018-14338
https://access.redhat.com/security/cve/CVE-2018-17229
https://access.redhat.com/security/cve/CVE-2018-17230
https://access.redhat.com/security/cve/CVE-2018-17282
https://access.redhat.com/security/cve/CVE-2018-17581
https://access.redhat.com/security/cve/CVE-2018-18915
https://access.redhat.com/security/cve/CVE-2018-19107
https://access.redhat.com/security/cve/CVE-2018-19108
https://access.redhat.com/security/cve/CVE-2018-19535
https://access.redhat.com/security/cve/CVE-2018-19607
https://access.redhat.com/security/cve/CVE-2018-20096
https://access.redhat.com/security/cve/CVE-2018-20097
https://access.redhat.com/security/cve/CVE-2018-20098
https://access.redhat.com/security/cve/CVE-2018-20099
https://access.redhat.com/security/cve/CVE-2019-9143
https://access.redhat.com/security/cve/CVE-2019-13109
https://access.redhat.com/security/cve/CVE-2019-13111
https://access.redhat.com/security/cve/CVE-2019-13112
https://access.redhat.com/security/cve/CVE-2019-13113
https://access.redhat.com/security/cve/CVE-2019-13114
https://access.redhat.com/security/cve/CVE-2019-20421
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
